Virus Scanner
Which e-mails will be filtered?
All e-mails with @tu-harburg.de, @tu-hamburg.de and @tuhh.de.
The virus is detected, what happens now?
The whole e-mail, together with its header and attachments, is packed into a ZIP file, which is protected with a password. An e-mail with a warning in English and German is then generated and sent, containing:
- Sender address of the e-mail that contains the virus
- The name and the IP address of the computer from which the e-mail came to TUHH
- Subject
- The name of the virus
- The Password of the ZIP-Archive
- ZIP-Archive as Attachment
This e-mail is sent to all recipients whose addresses were given in the e-mail with the virus. The sender of this e-mail is "TUHH Security Keeper <>" and you should not reply to this e-mail.
The original e-mail with the virus is deleted.
Will the sender infected with the virus be notified?
There is no intention to notify the sender infected with the virus, since in most cases the sender address is faked. The notification would end up in the sender's system as a misdirected e-mail or could even infect other computers. (For example, the very widespread Sobig-A virus always uses big@boss.com as its sender address. Why, do you think, does the domain boss.com no longer exist?)
Of course, if you know the sender and his/her e-mail address, notifying him/her about the virus would be useful.
Exceptions
When a certain type of virus arrives at the e-mail gateway of TUHH in such large numbers that the infected e-mails cause a flood of virus warnings, the Rechenzentrum has the right to refuse those e-mails already at the e-mail gateway.
In this case the original recipient of the infected e-mail is not notified.
Currently, a mail is refused at the mail gateways if a particular virus has been detected more than 2 times and the last detection was no more than 48 h ago.
E-mails that contain a virus and originate from inside the TUHH network are never accepted by the computers in the Rechenzentrum.
The e-mail with the virus should stay in the sender's inbox. If he/she tries to send the virus, he/she should receive a message from the e-mail client (program) saying that he/she tried to send a virus.
The same applies to infected e-mails sent from outside TUHH: they arrive from the internet, but they originate from TUHH users who are logged in to the mail server with their Kerberos password via SMTP-AUTH.
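The gateway rules in this section, written out as a small decision function. This is an added example, not the Rechenzentrum's own code: the class, function and action names are hypothetical, and it assumes that every detection is counted and that the counter is never reset, which the page does not specify.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Values stated on the page: more than 2 detections, last one within 48 h.
DETECTION_THRESHOLD = 2
BLOCK_WINDOW = timedelta(hours=48)


@dataclass
class GatewayPolicy:
    """Decides what happens to an e-mail in which the scanner found a virus."""
    # virus name -> (detection count, time of last detection)
    seen: dict = field(default_factory=dict)

    def outbreak_active(self, virus: str, now: datetime) -> bool:
        count, last = self.seen.get(virus, (0, None))
        return count > DETECTION_THRESHOLD and now - last <= BLOCK_WINDOW

    def decide(self, virus: str, now: datetime, internal_origin: bool) -> str:
        """Return the action for one infected e-mail and record the detection.

        internal_origin: the mail came from inside the TUHH network or from
        a TUHH user authenticated via SMTP-AUTH.
        """
        if internal_origin:
            action = "reject"             # never accepted; the sender's client shows the error
        elif self.outbreak_active(virus, now):
            action = "reject_no_notice"   # refused at the gateway, recipients not warned
        else:
            action = "quarantine_notify"  # password-protected ZIP plus warning to recipients
        # Assumption: every detection counts, including refused mails, and the
        # counter is never reset; the page does not say either way.
        count, _ = self.seen.get(virus, (0, None))
        self.seen[virus] = (count + 1, now)
        return action


def replay(events):
    """Run constructed (hours_offset, virus, internal_origin) events through the policy."""
    policy, start = GatewayPolicy(), datetime(2004, 1, 1)
    return [policy.decide(v, start + timedelta(hours=h), internal) for h, v, internal in events]


# Constructed sample traffic, not real gateway data.
SAMPLE = [(0, "Sobig-A", False), (1, "Sobig-A", False), (2, "Sobig-A", False),
          (3, "Sobig-A", False), (60, "Sobig-A", False), (61, "OtherVirus", True)]

if __name__ == "__main__":
    for event, action in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", action)
```

In the sample run, the fourth Sobig-A mail is refused without notice, while the one arriving 57 hours after the last detection is quarantined and announced again because the 48 h window has expired.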
Which Virus scanners are in use?
At the moment we use Sophos Antivirus from our campus license.
Should I worry any more?
Maybe you now think: the Rechenzentrum has a virus scanner, so I can open all the e-mails and attachments I want and no longer need to worry about anything?
False!!! Here are some reasons:
- The virus scanner can detect a virus only if the virus is known to the producers of the virus scanner, if they have described it, and if that description is available for download by the users of the virus scanner.
- If somebody wants to harm you, he/she can develop a program and send it to you, and the program can cause huge damage on your PC… no virus scanner is capable of detecting such a program!
- There are so many ways to compress and combine files and send them by e-mail that it is nearly impossible to unpack all formats on the server and scan them for viruses.
- Encrypted e-mails cannot be scanned at all.
Why is it worth having an e-mail virus scanner at all?
The aim is not to stop every imaginable way of sending a virus. In reality, the main purpose is to reduce the spread of viruses. In principle, viruses spread through attachments in e-mail, but not when they are compressed in a (zipped) archive format. So they try to get activated, even without the user's consent, through HTML, Visual Basic, JavaScript or Outlook tricks. This type of virus is in principle easy to identify. When viruses are compressed in an archive they are not dangerous; only unpacking them deliberately can be risky.
