Craig Lant, System and Network Security
It's a beautiful morning. The sun is shining and there's a warm breeze. Bunky sits down in front of his computer full of optimism about what he might find in his email inbox.
Hey! Someone from the Netherlands has been kind enough to send me some pictures of Anna Kournikova!
Hmm. I don't see any pictures. Oh well. Lets see what else there is.
What? Someone has a secret crush on me? I wonder if it's that woman in the Chemistry Department.
Hmm. I thought she was married …
Oh good! Jeff finished editing that Word document.
Looks good! I'll forward it to everyone else on the project.
Later that afternoon, it's not so beautiful. Dark clouds have rolled in and Bunky's feeling a bit queasy.
Aaaaarg! All the disks on all the computers in our group have been erased and now none of them will boot! If that weren't enough, everyone I know seems to think I have a secret crush on them and they want to see those Anna Kournikova pictures! What happened and why do I feel queasy?
Well Bunky, it's just a guess, but I'd say you caught yourself a virus … and a couple of worms. What? You don't have any backups? I wouldn't make plans with that woman in the Chemistry department any time soon. You've got a lot of work to do.
OK. So, Bunky was a bit daft in this example. Most of us know not to open up an email attachment that purports to be pictures of Anna Kournikova. But, will we know about the next nasty virus in time? Who can resist a secret note from that pretty woman or handsome man across the hall? And many viruses propagate by simply infecting MS Word documents (or other types of documents) that you're expecting to be sent to you via email.
The only real solution, of course, is antivirus software. Fortunately, the campus has a bulk license for Norton Antivirus (see the WSSG Software page [http://software.berkeley.edu]). This is really good software and everyone should install it, run it regularly, and keep it up to date. However, there are some deficiencies with this approach. Unfortunately, not everyone does install this software, fewer people actually make sure it's running regularly, and hardly anyone keeps it up to date. Furthermore, it can be very tedious to scan all of your email attachments before you open them. Since the majority of viruses and worms propagate via email, this leaves a rather unfortunate hole in your protection.
What if we could scan email for viruses on the email server? Then we could remove or clean viruses from your email before it even gets to your desktop and you wouldn't have to worry about email borne viruses at all. That would be cool! Smile, kick up your heels, and say hello to the Trend Micro VirusWall! It's gonna make Bunky a happy guy again.
The campus recently purchased a bulk license for the VirusWall software from Trend Micro (http://antivirus.com). Under the hood, VirusWall is very similar to Norton Antivirus. It quickly scans files for viruses and other malicious code. But, the VirusWall is designed to run on an email server rather than your desktop system.
Once the VirusWall is installed on an email server, it will scan every message that passes through that server for viruses. If a virus is found in a message it will either clean or remove the virus and notify both the sender and the recipient. Since the VirusWall automatically checks with Trend Micro every day to see if there are any new viruses, you can be sure that it will know about and be able to handle new viruses long before you're likely to get them.
This, of course, does not eliminate the need for Norton antivirus. There are other ways a virus can get into your desktop computer and you really do need a good, up to date, antivirus program to make sure your computer stays clean and healthy. But, if you manage an email server on campus, get with the program and fire this puppy up. Your users will love you for it. If someone else manages your email server, wake them up and poke them with a stick until they do the right thing and get this stuff installed.
Trend Micro has been building this kind of software for many years and they've been at the top of the market since the beginning. As such, their software is extremely versatile and can accommodate practically any email server configuration. The software currently runs on Solaris, Linux, Windows NT, and HP-UX. There are also Beta versions of the software available for Tru64 and other platforms. If your platform isn't supported, you can also drop an inexpensive Solaris or Linux box in front of your server to do the virus scanning. The VirusWall will soon protect even UCLink, with its extremely high volume of traffic. If it can work on UCLink, it should work on any other campus mail server. Feel free to contact me, craig@ack.berkeley.edu, for advice on VirusWall deployment.
The first step is to take a look at our Campus Distribution of Network Scanning Software page (http://socrates.berkeley.edu:2002/viruswall.html) and request a serial number. With that serial number you'll be able to download the software and the documentation and install it on your server.
Today our hero opened his inbox with confidence, knowing that nothing in there could hurt him. He found mostly useful news and information from his friends, colleagues, and loved ones. There were a couple of warnings that indicated someone (at another institution) was infected with a new virus. But, he didn't worry about that because he knew that a message had already been sent to them, warning them of the infection. This time, his correspondent Jeff had also already been notified of his infection and he cleaned it up right away with Norton Antivirus. So, Bunky strolled happily to the coffee shop to have a morning cup of coffee and a muffin with his new wife (the Chemist).
[ Next Article | Contents | Search BC&C | BC&C Main Menu | IST | UC Berkeley ]
Berkeley Computing & Communications,
Volume 12, Number 2 (Spring 2002)
Copyright 2002, The Regents of the University of California