Use an E-Filter, to Prevent the Spread Electronically Transmitted Diseases

24 July 2001

We in the IT department have long advocated the disciplined and standardized campus use of anti-virus software to automatically scan and rid your workstations of the latest, most fashionable viruses. In this article, we bring your attention to a not-previously-publicized safety technique that not only protects you and your regular email partners from the unwitting transmission of these viruses, but also automatically alerts potential carriers of their disease-spreading tendencies.

How Casual Users Get Hurt

Microsoft Outlook Express is the preferred email client of many UM email users, including myself. Unfortunately, it is also street-corner hangout for many PC viruses. They come into your computer as stowaways on email attachments, often from unsuspecting people you know, often with enticing subject lines such as "Did you get my memo?" , "Check out these pics!" , or "Needa match?" It's very easy to fall for these traps, and to open up the email, along with a can of worms. In Outlook Express, you open an email by selecting it in the Inbox, then either: The process is similar in other PC-based mail programs you may choose to use. Whatever your poison, as soon as you open a message in your email reader, any virus it is carrying is activated. (You don't have to open/view the actual attachment to trigger the virus.) If you happen to be using Outlook Express, your new visitor will soon be silently flipping through your address book, emailing itself to all your friends, colleagues, and business contacts, again disguised as a harmless message (with attachment) from you.

Viral First Aid

We all know that a soldier experiencing the first signs of nerve gas poisoning would immediately reach for his atropine antidote injector. So it should be with you, as you snap into damage control mode the instant you realize you have opened a suspicious email. First, quarantine your computer by unplugging it from the network, then download the latest virus antidote files from your AntiVirus program's website, and run the virus scanner to search for and eradicate the intruder. If at any point you are not sure what to do, call 911. (Actually, 5222--the IT Helpdesk. They can guide you through the decontamination process.)

Hidden Dangers of "Safe" Attachments

While it is possible to rely on your own vigilance in monitoring arrivals to your in basket, and only opening the unsuspicious ones, this can be a risky policy. Some viruses that are smart enough to launch themselves as soon as you select them in your inbox--before you even open them. It is also easy to drop your guard. Maybe your mother occasionally sends you pictures of her fishing catches, and you become accustomed to opening harmless attachments from her. Next thing you know, it's your birthday, and you're opening the gift that keeps on giving. Finally, you may start getting so many attached viruses that you become a slave to their disposal. This was where I found myself today, when my inbox was inundated by a spate SirCam web worms. I set out to take more creative measures in the protection of my PC, which brings us (finally) to the feature presentation of this article.

How to protect your PC from viruses using Email Filters.

The following text is taken from the seminar notes of the UM IT workshop: Mail Call: A Guide to Customizing your E-mail at Ole Miss.
Filtering allows you to organize incoming and outgoing mail into folders. Eudora, Outlook Express, and Netscape Messenger all support filters. Filters can be used to handle "Spamming," to guard against viruses. For client-specific instructions on setting up filters, see the email client feature matrix.

Planning a New Layer of Protection

What I wanted to do was have the program automatically delete any incoming mail that contains an attachment, to eliminate the risk of my accidentally opening it. I also wanted to have the program automatically respond to the sender of the email, explaining that their email to me had been automatically deleted, and why. This would accomplish two things:
  1. If the email was legitimate, it would let the sender know that I hadn't received whatever they had intended for me, and prompt them to make other arrangements to get me the attachment (document, picture, or whatever.) For instance, they might call me and say, "This is your boss, I'm sending you an email with performance review attached, at 3PM this afternoon. Please have your desk cleaned out by 3:30." I could then turn off the filter long enough to receive the expected message, open up as many attachments as humanly possible in 30 minutes, and turn it back on afterwards.
  2. On the other hand, if the original email was illegitimate, it would alert the sender that they were unwittingly spewing viruses over the network, and suggest to them how they might cease their fire.

First, I used Notepad to construct and save the message that I would use as the auto-reply:
As a precaution against the spread of viruses, my email address is configured to automatically delete incoming messages containing attachments. If you really intended to send me an attachment, try resending as an in-line message, or call me to discuss. If you didn't mean to email me an attachment, odds are good that your computer has, and is spreading, a virus. You should probably disconnect your computer from the network and scan your machine for viruses.

If you would like to learn how to protect your computer from virus-carrying email attachments using Outlook Express, Eudora, or Netscape Messenger, check out the section(s) on Filters at: http://www.mcsr.olemiss.edu/bookshelf/doc/email/email_table.html
If you have questions, and are located on the UM campus, call the IT Helpdesk at x5222.

This is an automated message.

Applying the Filter

So following the instructions for Outlook Express filters in the email client feature matrix, here's how I set up the filter:

  1. Tools, Message Rules, Mail, New.
  2. Selected the Condition: "Where the message has an attachment".
  3. Selected the Actions: "Delete It" and "Reply With Message".
  4. Clicked on the "message" linked, then browsed/chose the text message I had prepared and saved earlier.
  5. Named the Rule: "DeleteAndReplyToAttachments"
  6. Clicked "Apply Now"
  7. Clicked "OK"
The process is very similiar for Eudora and Netscape Messenger. (See the email client feature matrix for specific instructions.)

Conclusion

How do I know the filter is working? Since setting it up this morning, I haven't received any more messages with attachments into my Inbox. However, my Deleted Items folder is full of them, and my Sent Items folder is full of replies to the people who sent me them. You can see for yourself by trying to send an email with an attachment to jghale@olemiss.edu. If you need help with any anti-virus or email issue, please contact the UM IT Helpdesk. [an error occurred while processing this directive]