|
|
 |
| CONTENTS A-Z | SEARCH | CHANGE YOUR PASSWORD | ANNOUNCEMENTS | STATUS MESSAGES |
|
Q: Why are you so concerned about email attachments?
A: We aren't concerned about all attachments, just raw executables in
some languages. Those are the ones that run automatically when you double-click the
attachment.
Q: Why are those particularly concerning?
A: That sort of attachment is commonly used for the spreading of
viruses. And some of the viruses developed recently spread very rapidly. The
Service has a policy of blocking
certain types of attachments because of the risk they pose. The Service also
blocks attachments with a double suffix i.e. filename.doc.vbs, as these can also
present a risk. However as viruses develop continually you need to be on your
guard regarding any attachment received.
Q: So, what attachments can I trust?
A: Text attachments are probably safe. Treat anything else with
caution. Even Word and Excel documents may contain viruses (in particular, you should
ensure that all Office applications are configured to warn you before opening a document
containing macros. You should never enable macros when opening an Office document
sent as an attachment).
Q: But these emails are from my granny and my two best friends. I trust them
not to send me viruses.
A: Unfortunately, that is part of the problem. Many newer
viruses open your mail address books, extract the addresses, and automatically
email themselves to some or all of the addresses. The mail will then appear to come from
you. So that email from your granny may mean her computer is infected, and if you run the
attachment, yours will be too. As will those of all your friends, to whom the virus mails
itself. And all their friends...
Q: Can't the Computing Service do something about this?
A: What we can do, we do. We make desktop anti-virus software available, and offer advice on keeping it up-to-date. We
automatically update the virus pattern files as you log in. In addition, we scan all incoming
mail with Sophos, which will detect viruses, disinfect infected
attachments if possible, and delete attachments infected with an uncleanable
virus. But we can't do anything about viruses too new for pattern files matching them to
have been distributed. We also scan email with SpamAssassin, which marks emails suspected of being
Spam
Q: So I needn't do anything?
A: Yes, you do. There is always the risk that a virus has got past
both the anti-virus software and Sophos. New viruses are being written every day, and
while the vendors can produce pattern files to catch them within hours, the virus writers
are always a little ahead. We update our pattern files daily, but until that is done, a
new virus could still get through.
Q:
I have received an email with an
attachment - what now?
A: First of all: do not run the attachment.
If the email is unsolicited, the subject is blank or dubious, or the attachment has a dubious name then it is best just to delete the mail message. You should also be suspicious of links to websites in such messages.
If the attachment appears to come from someone you know, or are expecting a message from, and the attachment is one you want to look at then you should save it to disk (it is best to set a specific folder aside for this purpose), and run the anti-virus software on it. However you should be wary of messages where the text is not in the style you would expect the correspondent to use, or inconsistent with the subject / attachment.
If the anti-virus software finds a virus you shouldn't keep the attachment: delete it ASAP (and warn the sender they are infected). If the anti-virus software passes it, you can be reasonably confident the attachment is bug-free. But you still need to satisfy yourself it has no new viruses before running it.
This step is generally a matter of judgement. If the sender is known to you, or you are expecting the attachment then it is probably safe. If not, treat the attachment with suspicion. If the attachment is not expected, is it the sort of thing you would expect the correspondent to send? If not, again it looks suspicious ... perhaps you should contact the sender, by email or telephone, to check they actually did send you a message / attachment.
Q: I'm not sure about an attachment,
but I want to look at it ... what can I do?
A: If both Sophos and the anti-virus
software pass that
attachment, it is probably virus-free. But if you are in any doubt, you should wait for at
least 2 days before examining the attachment. Then, just before examining it, log out of
your machine, and back on ... this will update your pattern file. Then examine it
again with the anti-virus software. If is still claimed to be virus-free, then it probably is, and
you can safely open it.