CONTENTS A-Z   |   SEARCH   |   CHANGE YOUR PASSWORD  |  ANNOUNCEMENTS  |  STATUS MESSAGES

Viruses on M: drives/home directories

Summary

• All centrally-held M-drives/home directories are now scanned daily for viruses/worms. Wherever possible, infected files are disinfected. Files which cannot be disinfected will automatically be deleted by the virus scanner, and the owner informed by email.

Details

The University now has good virus protection, particularly against viruses or worms carried by email. However it is still possible for viruses or worms to be imported by other means. Desktop computers have the Sophos virus protection program to guard against infected files on their disks. We have now extended this protection to the central filestore -— M-drives or home directories.

Each evening the central filestore is scanned for viruses or worms. Wherever possible infected files are disinfected -— the virus or worm is removed.

However some files cannot be disinfected by Sophos: files (for example programs) where disinfection might itself produce a damaged and unsafe file; and archive files such as zips or tars containing one or more infected subfiles.

The virus scanner automatically deletes infected files which it cannot disinfect, and emails details to owners, including the identification of the virus which caused the infection. (This matches the policy for incoming email: the attachment is deleted —- or if necessary the whole email -— with appropriate notifications sent out.) Since the filestore is scanned every evening, it is likely that any infected files deleted from your filespace will be ones you have imported within the preceding 24 hours. You can then go back to the source of the file to get a clean version. If the infected files have been in your filespace for over 24 hours then our Anti-Virus software has improved, and now identifies the deleted files as infected. We recommend that if you keep any copies of these files elsewhere you should also scan these to ensure that they are clean.

The Information Systems Strategy Committee feels that deleting files which cannot be disinfected is preferable to inviting owners to attempt to clean them up. The latter is too much like encouraging do-it-yourself bomb disposal. Since such infected files will be very recent, it should be possible to get hold of a clean copy, if one exists.

If you have any technical queries on this policy, please contact Bret Giddings (bret@essex.ac.uk)

The person responsible for the content of this page is David Constable.

© 1999-2010 University of Essex. All rights reserved.
Computing Service, University of Essex, Wivenhoe Park, Colchester, Essex, CO4 3SQ.
Computing Help Desk: telephone +44 (0)1206 872345. Main office: telephone +44 (0)1206 872329; fax +44 (0)1206 860585.

Document last modified by David Constable
(e-mail: davidc; non-Essex users should add @essex.ac.uk to create full e-mail address)
on 10 May 2002.