One misconception many people have is if they have anti-virus software and firewalls in place, they think they are safe from viruses. But you can still get damaging viruses, even spyware, into your organization's systems via spam. So what can you do to help reduce that danger?
A good first line of defense is applying the various filters that have been around for a while to your Exchange server. These filters use pattern-matching techniques that attempt to identify an e-mail message as spam, and then do something with it. They may simply identify the potentially offending message, and let the eventual recipient know that it's been so identified. They may delete the message, or just block it, refusing to let it through the server and into the user's mailbox.
Filters catch an estimated 60 percent of the spam that's running around the Internet, which leaves a lot more that can get through to bother users. And if that 40 percent happens to contain a virus, you have troubles.
Front line of defense
So what else can you do? You know the answers, but you diligently must apply the solutions you know.
Although it's been said again and again, you need to verify that patches are all in place. Make sure that if you're running a spam blocker on your server
Spammers are constantly thinking of ways to deceive anti-spam devices, and they come up with new and interesting variants. A vital first step for you is to update your spam blocker. And while you're at it, make sure your virus updates are all in place and they are renewed frequently. You don't want to get caught with a virus simply because it slipped in under the wire before the update that would have caught it was installed.
Second, when you install Outlook on your users' computers, do a few simple things. First of all, turn off the preview pane in each folder view that you set up. That way users won't open a message when they just highlight the header on the incoming message pane. For the same reason make sure that only the message subject line is displayed in the folders. Some dangerous attachments can operate once the message has been opened, so make sure that messages don't get opened accidentally. You can do this setup through the View menu on the Outlook client. Click on View, and then click off the Preview Pane and the Message Preview items. When these items are active, they have a blue border around their icon. Click so the icon does not display a blue border.
Unfortunately, users are a contrary lot, as we all know. They are forever doing something that no one expected them to do. So another important piece of your strategy is educate, educate, educate.
Make sure that if you're using a spam filter that merely identifies spam messages that users are checking their spam on a regular basis. One Exchange admin suggested putting an Inbox filter into each Outlook client that would pick up the identified spam and drop it into a special folder called "spam," or some other similar folder for later examination. That way, if the server spam filter is too restrictive, users can retrieve legitimate email that was erroneously identified as spam, and return it to their Inbox.
Finally, make sure your users know that they should never open attachments in a spam message, or any attachment, that they are not absolutely sure will not release a worm or other virus into the enterprise. Otherwise, this can lead to disaster, as surely as opening the gates of Troy to the wooden horse doomed the fabled towers of Ilium.
David Gabel is a writer and consultant who has been testing and writing about computers for 25 years.
This was first published in February 2004