Due to an increasing number of incoming e-mail with virus into the department the Department has decided to implement a virus protection on our mail servers.Below are some questions and answers that you might have regarding the virus scanner that we have on our mail server.
- How do I know if my e-mail was scanned by the virus scanner?
- What happens if someone sends me a virus?
- I got this e-mail from "MailScanner", what does this message mean?
- How often does the virus IDE file get updated?
- My friend is trying to send me a file and its not a virus, but the virus scanner thinks it is and won't send the attachment. What do I do?
- When do I need to contact support?
- What file formats are not allowed as an attachment?
- What is SpamAssassin?
Q: How do I know if my e-mail was scanned by the virus scanner?
User can varify that user's e-mail was scanned by the MailScanner by looking at the header of the e-mail. Most of the mail clients give users the option to view the full header of the message.Q: What happens if someone sends me a virus?One of the header will have a line such as:
X-MailScanner: Found to be clean, Found to be infected, or Disinfected.A message is "Found to be clean" if the software couldn't detect any virus in its message and also in its attachments.
A message is "Found to be infected" if the software detected virus in the e-mail message.
A message is "Disinfected" if the software detected virus in the attachment of the message and its been disinfected.
Every e-mail that comes to ICS from outside of ICS will be scanned by the MailScanner. If the e-mail contains a virus, the Sophos Virus Scanner will attempt to disinfect the e-mail. Because some virus forges email addresses (such as Klez) only the receiver will receive an email from the MailScanner user indicating that the e-mail contained a virus.Q: I got this e-mail from "MailScanner", what does this message mean?Depending on the status of the scanned e-mail the sender and the receiver will receive different messages from the "MailScanner" user. List of messages and their explanations can be found at NACS's website.Q: How often does the virus IDE file get updated?The virus identy (IDE) file gets updated every hour from the Sophos site.Q: My friend is trying to send me a file and its not a virus, but the virus scanner thinks it is and won't send the attachment. What do I do?Make sure that the file that your friend is trying to send is not a virus and use ftp to tranfer files.Q: When do I need to contact support?Please contact helpdesk@ics.uci.edu if you received an email indicating that you sent a virus when you did not send the email in question.Q: What file formats are not allowed as an attachement?The MailScanner checks for virus and it also checks for hidden double extention files.Q: What is SpamAssassin?Please look at
/opt/mailscanner/etc/filename.rules.conffile to see the list of files and file extentions that the Sophos virus scanner will deny.SpamAssassin works similarly to the virus scanner. By adding extra headers to the message you can configure your e-mail program to place possible spam messages into a folder other than your inbox. The headers contain a line which looks similar to:X-ICS-MailScannerNACS also runs SpamAssassin and has some great instructions for configuring different clients:
http://www.nacs.uci.edu/email/spam-assassin.html
