Header image: Architectural widgetsSociology at Duke
Navigation Bar: Resources

Research and Training

Sociological Sites

Computing Resources

Departmental Publications

University Libraries

Quick Links

  
Home > Resources > Computing Resources > Virus Scanning

 

MailScanner Virus Scanning

MailScanner is a facility added to perform virus checking of mail which is inbound for delivery to Sociology INBOXes. MailScanner is not a substitute for your desktop virus scanning programs, however, it should intercept most viruses and make your INBOX a much safer place. MailScanner's virus scanning is completely independent of spam filtering done by SpamAssassin and is performed before mail is scanned by SpamAssassin.

MailScanner performs the following procedures on incoming mail:

  1. Scans for Viruses - Each inbound email message is scanned. If the message scans cleanly, it is passed to step 2 below. If a virus is detected, MailScanner attempts to remove the virus from the message - a process termed disinfection.

    • If disinfection is successful, MailScanner sends the message to the recipient with ******VirusScan Notification****** in the subject line. The message body is altered to indicate that the message has been disinfected. The message is safe to open.

    • If disinfection fails, the message is checked to see if it contains a "junk" virus, such as Klez or Sobig. Junk virus messages contain no content other than the virus, and are spewed forth by infected machines without the consent of the person using the machine. If this is the case, the message is deleted and no notification is sent to the recipient.

      If the virus is part of a real message, the message is placed into "quarantine". The recipient will receive an email indicating that the message will be available for viewing at a web site, in text-only form, for the next 10 days. The user can safely view the text-only version on the quarantine web site. The sender of the virus can be notified and asked to resend the message again after taking appropriate cleanup steps.

  1. Scans for Bad Filetypes - Messages that clear the virus scan hurdle are next checked for suspicious attachments. Message attachments are checked against a database of filetypes which are commonly used to distribute viruses. For example, attachments with extensions such as .scr (Windows Screensaver) and .pif (DOS shortcut) are frequently used to spread viruses and are almost never sent as part of legitimate email.

    Messages passing the second scan are sent on to the recipient.

    If a messages fails the filetype check, the recipient is notified that the message matches a list of file types that are not permitted by MailScanner. Such notifications contain ******File Check Failed****** in the subject line. In addition, the message is quarantined. The recipient is notified that the questionable attachment will be available for viewing on the quarantine web site, in text-only form, for the next 10 days.

Sociology Home | Arts & Sciences Home | Duke University Home |Webmaster | Contact the Department

© Copyright 2002-2003, Duke University
People Graduate Program Undergraduate Program Resources Home Duke University Home