[Zsd-news] Viruses and other E-mail Problems.

I. Forbes iforbes@zsd.co.za
Mon, 20 May 2002 11:17:01 +0200 

Hello All

As many of our users are aware, there are a number of new e-mail computer viruses doing the rounds.  These 
viruses have many variants and some of the variants have not been detected by some commercial antivirus 
protection programs.  As a result of this a number of our users have suffered virus infections.

ZSD has a virus filter system installed on our main e-mail servers.  This system examines the characteristics of 
the e-mail and rejects messages that match the characteristics of common viruses.  It does not rely on matching 
patterns to a database of known viruses. Thus it can detect new viruses as well known viruses.  Our filter system 
detected most of the new variant of the above viruses.  Unfortunately it had certain limitations and it was not able 
to detect them all.  A number of the variants managed to get through.

As a result of this we have recently installed a completely new filtering engine.  The new engine now detects 
virtually all of the new variants which contain code designed to trick buggy e-mail clients into running the virus 
code without the user's intervention.  The variants that we do not stop all have to be opened manually.  The 
engine offers us a lot more flexibility and in the future we plan on stopping even more types of viruses.

Unfortunately progress does not come without problems.  On Friday we experienced a "crash" with the new 
system and a number of e-mails were bounced.  These were "returned to sender" instead of being delivered to 
their end destination.  They should be sent again.

We have a testing procedure for the new engine.  All changes are first tested on a test system using dummy e-
mail.  Then it is tested in a beta environment with a limited quantity of live e-mail.  Finally it is installed on our 
production servers.  The system was running for a number of days before we experienced Friday's problem, 
which caught us off guard.  I am confident we will not have another occurrence like this.

I would like to apologize for any inconvenience this may have caused.

Regards

Ian Forbes