Content Scanning and User Education Help Reduce Virus Risks

If last week's ILOVEYOU virus caused your company major problems, read Jerry Cochran's advice on how you can prepare your systems for future similar attacks.

Jerry Cochran

May 11, 2000


I’ll make sure I don't sign this week’s column with "I Love You." I'm amazed how something so simple can cause such destruction and inconvenience. How many of you were drastically affected by last week’s events with the ILOVEYOU worm? How many gateways shut down and Message Transfer Agents (MTAs) stopped? My company's information management folks did a stellar job of proactively preparing and reacting to this real-world problem. I can’t emphasize enough how important content scanning at your gateways and a little user education are in these instances.

Scanning content on your incoming SMTP gateway is an excellent way to protect your organization from viruses such as Melissa, WormExplore, and ILOVEYOU. Content scanners that are available from vendors such as Content Technologies let you scan incoming SMTP traffic for MIME attachments similar to those we saw last week. My company implemented content scanning, and by the time most ILOVEYOU messages reached recipients, they contained nothing more than sterile attachments that informed the user that the file contained a virus and had been cleaned. We configured our antivirus and scanning software to look for anything named LOVE-LETTERS-FOR-YOU.TXT.VBS, LOVE-LETTERS-FOR-YOU.TXT.TXT, VERY FUNNY.VBS, or VERY FUNNY.TXT to avoid last week’s outbreak and copycat outbreaks. We also used third-party add-ons to configure our Exchange Internet Mail Services (IMS) to block anything with a .vbs (VBScript) extension.
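The filename and extension rules described above can be sketched with Python's standard `email` package. This is an added example, not code from the column or from any scanning product it mentions; the function names `is_blocked`, `sanitize`, and `build_sample` and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Names and extension from the column; compared case-insensitively.
BLOCKED_NAMES = {"love-letters-for-you.txt.vbs", "love-letters-for-you.txt.txt",
                 "very funny.vbs", "very funny.txt"}
BLOCKED_EXTS = (".vbs",)

def is_blocked(filename):
    """True if the attachment name is on the name list or ends in a blocked extension."""
    name = (filename or "").strip().lower()
    # Only the last extension counts, so NOTES.TXT.vbs is treated as a script.
    return name in BLOCKED_NAMES or name.endswith(BLOCKED_EXTS)

def sanitize(raw_bytes):
    """Parse a message and replace blocked attachments with a text notice.

    Returns (message, removed) where removed lists the original file names.
    """
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    removed = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        fname = part.get_filename()  # Content-Disposition filename, else Content-Type name
        if is_blocked(fname):
            removed.append(fname)
            # set_content() clears the old payload and Content-* headers first.
            part.set_content(f"The gateway removed the attachment {fname!r}.\n",
                             disposition="attachment", filename="REMOVED.txt")
    return msg, removed

def build_sample():
    """Constructed test message: one harmless attachment, one with a blocked name."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "sample"
    m.set_content("See attached.")
    m.add_attachment(b"quarterly numbers", maintype="application",
                     subtype="octet-stream", filename="report.doc")
    m.add_attachment("' inert placeholder text\n", subtype="plain",
                     filename="Love-Letters-For-You.TXT.vbs")
    return m.as_bytes()

if __name__ == "__main__":
    clean, removed = sanitize(build_sample())
    print("removed:", removed)
    print([p.get_filename() for p in clean.iter_attachments()])
```

Matching on the name alone is what the column describes; it does not inspect the attachment body, so a renamed script passes this check.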

Although scanning for attachment content on your SMTP gateway is the best way to protect your organization, it can’t stop everything. That's why user education is the other pillar that good protection must stand on. It seems rather simple: If you don’t know the person who is sending you an attachment with an .exe, .com, .vbs, or other extension, DON’T OPEN IT! However, not all users know that every VBS file is a potential bomb. We must educate Exchange users about these points and encourage them to practice the default rule of not opening any attachment they aren’t sure about. In last week’s outbreak, the users who were savvy enough to not open the suspect messages and instead hit the delete key went about their business as usual. This is a key point: Antivirus software by itself can't protect you from these attacks. Protection comes from a well-implemented gateway and server-based scanning process combined with solid user education practices. Microsoft Outlook is a rich and powerful client tool. With this richness and power come some vulnerabilities that attacks such as Melissa and ILOVEYOU have exploited. Only through this two-pronged approach can you ensure your organization is protected.
