Filtering of viruses in E-mail
When and how does the filter work?
The C&CZ mailservers, running sendmail,
invoke MIMEDefang for each mail they
receive, to scan for a virus and filter for spam.
This means that the virus- and spamfilter works for all mail these servers process, whether incoming, outgoing or forwarded.
If a mail contains an attachment with dangerous content, this mail is put into quarantine. The mail without the dangerous attachment, but with an attachment that explains what has happened, is forwarded to the addressee. If the mail is delivered to a user on a C&CZ mailserver, then the mail is delivered in the Virus folder. It is necessary to subscribe to the Virus folder to see its contents. Mail older than 14 days is automatically removed from this folder.
An attachment is considered dangerous if it is an executable program,
e.g. .exe, .bat, .dll. Since MS-Windows considers zip-files to
be directories, and therefore viruses in zip-files started to appear,
we also consider an executable in a zip-file to be dangerous. In order
not to make the list too long (a zip-file in a zip-file in …, the Dutch
chocolate Droste-effect), we also consider a zip-file in a zip-file to
be dangerous. As of February 20, 2017, after a few cases of ransomware,
we also consider a html/htm-file within a zip-file to be dangerous.
Other antivirus measures
Since viruses can spread in more ways than mail (network shares, USB-sticks, www, …) it is good practice for (MS-Windows) users to use a PC virusscanner with a recent virusdatabase. The RU has a campus license for the use of F-Secure. See our Windows software-page for more information about the different versions.