By Andrea Chan
What Do I Do About Viruses?
At SLAC we take various measures to protect e-mail and
Windows computers from viruses and other malicious code. Users of the SLAC
e-mail systems and supported Windows computers should contact their local
administrators if they receive notification that they have a virus.
The local administrators work with SCS to disinfect
compromised systems and infected files, and to determine the source and
cause of the infection. However, if you are not using SLAC e-mail systems
or your computer is not supported by your local administrator, these
measures will not protect you.
Where Viruses Come From
The sources of infection are most commonly e-mail (e.g.,
attachments) but can also be files that get onto the local computer by
other means (e.g., floppy disk, CD, download from Internet, SLAC servers).
Such an infected file may then be sent back out as e-mail.
How SLAC Deals With Viruses
Anti-virus software on the e-mail servers scans incoming
e-mail and removes suspicious attachments such as infected files,
executables or Word/Excel files with macros. The intended recipients of
these messages receive a substitute text file instead, informing them of
that the attachment has been removed.
Outgoing e-mail is also scanned for viruses. Infected
files are stripped and the sender is sent an e-mail notification.
Since the infected files never reach the user, there is
nothing s/he needs to do unless the stripped file needs to be retrieved.
(In these cases the user should e-mail the
Overall, SLAC has a good history of avoiding any
widespread infections. This is thanks to the cooperation of the user
community, as well as the anti-virus measures taken on the e-mail systems,
Windows servers and on the supported Windows client systems.
|(Graphic courtesy of SCS)
What You Should Do
If you get a notification indicating that an infection has
originated from one of your files, please immediately contact your local
administrator. This will set in motion a process put in place to work with
your local administrator and SCS.
After your local administrator checks your anti-virus
software to make sure that it is working properly and the signature file
is up to date, s/he will scan your local system. SCS will also have
received notification of the infection (if not, the local administrator
will contact SCS), and will scan for any infections on the servers. Only
SCS should check the servers because if this is not done in a coordinated
manner it may cause a slowdown affecting the whole site.
Files May Still Get Infected
In spite of these measures, files may still get infected
• A new virus may infect files before the vendors update
their anti-virus signature files to detect the new virus
• The anti-virus software may not be working properly
For these reasons, SCS needs to be notified by local
administrators whenever there is an infection in order to investigate the
It is important that you also have anti-virus software
installed on your home computers. Make sure that the anti-virus signature
files in your computer are updated frequently. If you belong to the
Stanford community and have a SUNetID, you can download and install the
Stanford anti-virus software for your home computers.
More information is available on the Windows FAQ and
E-mail Web pages in two locations. See:
For a list of local administrators, see:
For additional questions about dealing with viruses,