[Zsd-news] Viruses and other E-mail Problems.
I. Forbes
iforbes@zsd.co.za
Mon, 20 May 2002 11:17:01 +0200
Hello All
As many of our users are aware, there are a number of new e-mail computer viruses doing the rounds. These
viruses have many variants and some of the variants have not been detected by some commercial antivirus
protection programs. As a result of this a number of our users have suffered virus infections.
ZSD has a virus filter system installed on our main e-mail servers. This system examines the characteristics of
the e-mail and rejects messages that match the characteristics of common viruses. It does not rely on matching
patterns to a database of known viruses. Thus it can detect new viruses as well known viruses. Our filter system
detected most of the new variant of the above viruses. Unfortunately it had certain limitations and it was not able
to detect them all. A number of the variants managed to get through.
As a result of this we have recently installed a completely new filtering engine. The new engine now detects
virtually all of the new variants which contain code designed to trick buggy e-mail clients into running the virus
code without the user's intervention. The variants that we do not stop all have to be opened manually. The
engine offers us a lot more flexibility and in the future we plan on stopping even more types of viruses.
Unfortunately progress does not come without problems. On Friday we experienced a "crash" with the new
system and a number of e-mails were bounced. These were "returned to sender" instead of being delivered to
their end destination. They should be sent again.
We have a testing procedure for the new engine. All changes are first tested on a test system using dummy e-
mail. Then it is tested in a beta environment with a limited quantity of live e-mail. Finally it is installed on our
production servers. The system was running for a number of days before we experienced Friday's problem,
which caught us off guard. I am confident we will not have another occurrence like this.
I would like to apologize for any inconvenience this may have caused.
Regards
Ian Forbes