At SLAC we take various measures to protect e-mail and Windows computers from viruses and other malicious code. Users of the SLAC e-mail systems and supported Windows computers should contact their local administrators if they receive notification that they have a virus.

The local administrators work with SCS to disinfect compromised systems and infected files, and to determine the source and cause of the infection. However, if you are not using SLAC e-mail systems or your computer is not supported by your local administrator, these measures will not protect you.

The sources of infection are most commonly e-mail (e.g., attachments) but can also be files that get onto the local computer by other means (e.g., floppy disk, CD, download from Internet, SLAC servers). Such an infected file may then be sent back out as e-mail.

Anti-virus software on the e-mail servers scans incoming e-mail and removes suspicious attachments such as infected files, executables or Word/Excel files with macros. The intended recipients of these messages receive a substitute text file instead, informing them of that the attachment has been removed.

Outgoing e-mail is also scanned for viruses. Infected files are stripped and the sender is sent an e-mail notification.

Since the infected files never reach the user, there is nothing s/he needs to do unless the stripped file needs to be retrieved. (In these cases the user should e-mail the postmaster@slac.stanford.edu.)

Overall, SLAC has a good history of avoiding any widespread infections. This is thanks to the cooperation of the user community, as well as the anti-virus measures taken on the e-mail systems, Windows servers and on the supported Windows client systems.

(Graphic courtesy of SCS)

What You Should Do

If you get a notification indicating that an infection has originated from one of your files, please immediately contact your local administrator. This will set in motion a process put in place to work with your local administrator and SCS.

After your local administrator checks your anti-virus software to make sure that it is working properly and the signature file is up to date, s/he will scan your local system. SCS will also have received notification of the infection (if not, the local administrator will contact SCS), and will scan for any infections on the servers. Only SCS should check the servers because if this is not done in a coordinated manner it may cause a slowdown affecting the whole site.

In spite of these measures, files may still get infected occassionally because:

• A new virus may infect files before the vendors update their anti-virus signature files to detect the new virus

• The anti-virus software may not be working properly

For these reasons, SCS needs to be notified by local administrators whenever there is an infection in order to investigate the cause.

It is important that you also have anti-virus software installed on your home computers. Make sure that the anti-virus signature files in your computer are updated frequently. If you belong to the Stanford community and have a SUNetID, you can download and install the Stanford anti-virus software for your home computers.

More information is available on the Windows FAQ and E-mail Web pages in two locations. See:

http://www2.slac.stanford.edu/comp/winnt/faq/faq.htm

http://www.slac.stanford.edu/comp/net/email/index.html

For a list of local administrators, see: http://www2.slac.stanford.edu/comp/winnt/local-administrators.html

For additional questions about dealing with viruses, e-mail desktop-admin@slac.stanford.edu or postmaster@slac.stanford.edu