The first step to minimizing the effect of viruses is to use an email server that filters
incoming emails using antivirus software. If the server is kept up to date, it will catch the
majority of Mass Mailer (MM) worms. Ask your Internet Service Provider (ISP) if they
offer antivirus protection and spam filtering on their email servers. This service is
invaluable and should always be included as the first line of defense.
Many companies house an internal email server that downloads all of the email from
several external email accounts and then runs an internal virus filter. Combining an
internal email server with the ISP protection is perfect for a company with an IT staff.
This option adds an extra layer of control, but also adds more administration time.
Sample specs for an internal email server are:
Setup #1
Linux: OS
Sendmail: Email server
Fetchmail: Grabs email from external email addresses
F-prot: Antivirus
SpamAssassin: Spam Filter
Setup #2
Win 2003 Server: OS
Exchange: Email server
Symantec antivirus: Antivirus
Exchange Intelligent Message Filter: Spam Filter
Software Updates
Keep your software up to date. Some worms and viruses replicate through vulnerabilities
in services and software on the target system. Code Red is a classic example. In August
2001, the worm used a known buffer overflow vulnerability in Microsoft’s IIS 4.0 and
5.0 contained in the Idq.dll file. This would allow an attacker to run any program they
wanted to on the affected system. Another famous worm called Slammer targeted
Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000.
When updating your software, make sure to disable features and services that are not
needed. Some versions of WinNT had a web server called IIS installed by default. If you
do not need the service, make sure it is turned off (Code Red is a perfect example). By
only enabling services you need, you decrease the risk of attack.
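
One way to check this on the Linux mail server from Setup #1 is to compare the listening sockets against the short list of services the machine is supposed to offer. The script below is an added example, not part of the original article; the sample `ss -tuln` output is constructed, and the allowlist (SMTP and SSH exposed, SpamAssassin's spamd on loopback only) is an assumed policy.

```python
"""Flag listening sockets that a mail-server role does not need (added example)."""

# Constructed sample in the format printed by `ss -tuln`.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:25         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:783      0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:1434       0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
"""

# Assumed policy: SMTP (25) and SSH (22) may listen on any address;
# spamd (783) is acceptable only when bound to loopback.
ALLOWED = {("tcp", 25), ("tcp", 22)}
LOOPBACK_OK = {("tcp", 783)}

def parse_listeners(ss_output):
    """Return (proto, address, port) for every tcp/udp row; skip the header."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        # rpartition splits on the last colon, so IPv6 "[::]:22" parses correctly
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            listeners.append((fields[0], addr.strip("[]"), int(port)))
    return listeners

def is_loopback(addr):
    return addr.startswith("127.") or addr == "::1"

def unexpected_services(ss_output):
    """List sockets that are not in the policy, or are exposed beyond loopback."""
    findings = []
    for proto, addr, port in parse_listeners(ss_output):
        key = (proto, port)
        if key in ALLOWED:
            continue
        if key in LOOPBACK_OK and is_loopback(addr):
            continue
        findings.append((proto, addr, port))
    return findings

if __name__ == "__main__":
    for proto, addr, port in unexpected_services(SAMPLE_SS):
        print(f"not needed for this role: {proto} {addr}:{port}")
```

On the sample, the web server on TCP 80 and the listener on UDP 1434 are reported; each finding is a service to disable or to justify and add to the policy.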