Chapter 5: Protection
In some cases you will receive a warning about a new virus before an update to your
anti-virus software is available. The first thing to do here is to verify that the virus is
genuine. Many problems are in fact caused by hoax virus notifications. Ensure that the
virus is a genuine problem by checking with your anti-virus vendors. After you have
verified that the virus is indeed a genuine threat, you should notify users so they know
what to do if they receive e-mail messages that may contain the virus. You should have a
predefined mechanism, which the user base is fully aware of, for reporting any suspected
viruses. As a short-term measure for dealing with this eventuality, most anti-virus
software will allow you to block messages with particular subject lines or from particular
sources. This can act as a blocking mechanism until you receive an update for your
anti-virus software.
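An interim subject-line and source rule of the kind described above, as an added example (not code from this guide or from any anti-virus product). It decodes and unfolds headers before matching, so an encoded or re-wrapped subject does not slip past the rule; the blocklist entries, addresses and sample messages are constructed placeholders.

```python
import email
import email.policy
import re
from email.utils import parseaddr

# Constructed interim rules; in practice these come from the verified advisory.
BLOCKED_SUBJECTS = ["important message from"]      # case-insensitive substrings
BLOCKED_SENDERS = {"newsletter@example.invalid"}   # exact addresses
BLOCKED_DOMAINS = {"bad.example.invalid"}          # whole sending domains

def _normalize(text):
    """Collapse whitespace and case so spacing or capitalisation cannot dodge a rule."""
    return re.sub(r"\s+", " ", text).strip().casefold()

def verdict(raw_bytes):
    """Return ('quarantine', reason) or ('deliver', None) for one raw message."""
    # policy.default unfolds headers and decodes RFC 2047 encoded-words, so the
    # rule is matched against the subject the recipient would actually see.
    msg = email.message_from_bytes(raw_bytes, policy=email.policy.default)
    subject = _normalize(str(msg.get("Subject", "")))
    for pattern in BLOCKED_SUBJECTS:
        if pattern in subject:
            return ("quarantine", f"subject matches {pattern!r}")
    addr = parseaddr(str(msg.get("From", "")))[1].casefold()
    domain = addr.rpartition("@")[2]
    if addr in BLOCKED_SENDERS or domain in BLOCKED_DOMAINS:
        return ("quarantine", f"sender {addr} is blocked")
    return ("deliver", None)

# Constructed sample messages (not real traffic).
PLAIN = b"From: a@corp.example\r\nSubject: Important Message From Bob\r\n\r\nhi\r\n"
ENCODED = (b"From: a@corp.example\r\n"
           b"Subject: =?utf-8?q?Important_Message_From_Bob?=\r\n\r\nhi\r\n")
FOLDED = b"From: a@corp.example\r\nSubject: IMPORTANT\r\n   message from Bob\r\n\r\nhi\r\n"
SENDER = b"From: News <Newsletter@Example.invalid>\r\nSubject: Offers\r\n\r\nhi\r\n"
CLEAN = b"From: b@corp.example\r\nSubject: Lunch on Friday?\r\n\r\nhi\r\n"

if __name__ == "__main__":
    for name in ("PLAIN", "ENCODED", "FOLDED", "SENDER", "CLEAN"):
        print(name, verdict(globals()[name]))
```

Quarantining rather than deleting keeps legitimate mail that happens to match recoverable once the anti-virus update arrives and the interim rule is withdrawn.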
Dealing With Virus Infection

Assuming the worst does happen, and you are infected with a virus, the steps you take
next are extremely important. You should of course issue an advisory to the user
community, so that they know what to do if they receive the virus. You should also notify
any partners that you regularly associate with, along with the anti-virus vendors
themselves.

Your biggest threat in spreading viruses is the user community, who are, incidentally,
your best weapon in defending against the viruses after they have attacked. It is vital
that you find a way of communicating with all users, in such a way that all are likely to
listen and take notice. If there is a new virus threat, you should e-mail a high-priority
message to the users detailing the threat and the recommended action. Make sure that the
subject line of the message prominently displays the nature of the threat. You should also
advertise the problem prominently on your intranet and use any real-time notification
system you have to notify the users, such as voicemail or public address systems. You
should even consider having a mechanism in place for putting up posters in public parts of
your building, for example reception areas and elevators. If the users know what to do
when they receive a particular message, you can severely restrict the flow of the messages
within and outside your organization.

After you have notified the relevant parties, you must do all you can to ensure that the
virus does not spread. If a fix is not yet available, in a worst-case scenario, this could
involve restricting the flow of e-mail within your organization and outside of it (i.e.
disabling connectors and possibly network connections).

As soon as a fix is available, you must have a mechanism for deploying updates from each
of the anti-virus vendors. In some cases, you may use the e-mail system as a means of
distributing hot fixes to local administrators, but in this case, you must have an
alternative mechanism, because it is possible that you have had to shut down e-mail
communication between servers to prevent the virus from spreading.