Page One

Campus Computing News

EagleMail Gets a New Face, and More ...

Lab-of-the-Month: The Labs of the College of Arts and Sciences

Winter Break Hours

Renew PRAS Accounts for the Spring

Virus Scanning in GroupWise

Today's Cartoon

RSS Matters

The Network Connection

List of the Month

WWW@UNT.EDU

Short Courses

IRC News

Staff Activities

Subscribe to Benchmarks Online
    

Virus Scanning in GroupWise

By Claudia Lynch, Benchmarks Online Editor

According to Andrew McGregor, the "Tips on GroupWise" guy, and Jason Myre of the CWN Messaging Support Group, a new virus scanning E-mail server has been implemented for GroupWise. Called Iatro (pronounced ya-tro -- the Greek word for doctor), it is currently checking all incoming E-mail destined for GroupWise mailboxes. All outgoing GroupWise E-mail is also being scanned. According to the CWN folks, this is necessary because of the unique way GroupWise encrypts its E-mail and handles attachments.

How can you tell your mail is being scanned by Iatro?

If your mail is being scanned, you will notice an additional hop in the mime header. For example:

==
Received: from iatro.unt.edu
by gwia.unt.edu; Tue, 31 Oct 2000 09:21:18 -0600
Received: from Mercury.acs.unt.edu (mercury.acs.unt.edu [129.120.220.1])
by iatro.unt.edu (8.9.3/8.9.3) with ESMTP id JAA19306
for <lynch@cc.admin.unt.edu>; Tue, 31 Oct 2000 09:21:38 -0600
==

What if a virus is found?

If Iatro finds an infected E-mail message, it will not route it, but rather send a notification to both the sender and recipient (Note: An intended UNT recipient will not be notified if the sender's address is also from UNT). Below is an example of the notification message that the sender receives:

VIRUS ALERT

A virus was detected in an email message sent by you.
We stopped delivery of this email!


Recipient: <tbrown@cc.admin.unt.edu>
Subject: EICAR TEST
Virus: Found: EICAR test file NOT a virus.

The recipient was notified. Please scan your computer before you resend the message.

This is an automated message produced by UNT's antivirus gateway. If you have any questions, email the postmaster at postmaster@iatro.unt.edu

Similarly, if someone attempts to send you an infected message, you will receive something like this:

VIRUS ALERT

A virus was detected in an email message sent to you.
We stopped delivery of this email!


Sender: <tkmail@yahoo.com>
Subject: EICAR TEST
Virus: Found: EICAR test file NOT a virus.

The sender was notified.

This is an automated message produced by UNT's antivirus gateway. If you have any questions, contact your network manager or email the postmaster at postmaster@iatro.unt.edu

Finally, here is the message you will receive if you attempt to send an infected file, via the Internet, to someone else on campus:

VIRUS ALERT

A virus was detected in an email message sent by you.
We stopped delivery of this email!


Recipient: <tbrown@cc.admin.unt.edu>
Subject: eicar test
Virus: Found: EICAR test file NOT a virus.

Please scan your computer for viruses and correct the problem before you resend the message.

This is an automated message produced by UNT's antivirus gateway. If you have any questions, contact your network manager or email the postmaster at postmaster@iatro.unt.edu

No more virus worries then, right?

Although this adds another layer of protection to the University's network, Iatro is not the be-all and end-all solution. It will not intercept viruses that are propagated by removable media or from downloading files from the Internet. Iatro only scans E-mail that comes in from or goes out to the Internet. Internal GroupWise mail is not scanned. You are urged to continue to run virus detection programs and maintain up-to-date virus signature files on your machine (this should be done automatically, see your network manager for more details).