Email Viruses

What is an email virus?
I've been notified that a message I've sent contains a virus. Does this mean my machine is infected?
How can I prevent my machine from becoming infected?


What is an email virus?
An email virus is a virus that distributes itself as an email attachment. An infected machine propagates the virus by generating fake email messages containing more copies of the virus and sending them to as many email accounts as possible. The virus often uses the contents of address books on the machine as a source of recipients for its infected messages. It may also use one of these addresses as the sender (faking the "From" field of the message) in an attempt to masquerade as legitimate mail. Email viruses almost exclusively affect Windows machines; examples include the Mydoom and W32/Netsky.b@MM viruses.

I've been notified that a message I've sent contains a virus. Does this mean my machine is infected?
Not necessarily. Since email viruses spoof the messages they send, an infected machine may have just used your email address as a fake sender. You may have been unfortunate in that your email address was in the address book on the infected machine.
If you received a message sent from a virus scanner, look at the information it gives you. Some messages will list the full headers of the infected email. Look at the IP address/hostname where the message originated. If this doesn't correspond to a machine you have used, then you can safely assume that the message has been faked to look like it came from your machine. Unfortunately, many notification messages don't provide this information, so it can be difficult to tell where an infected email was originally sent. This includes the notifications sent by the virus scanners on the central campus mail servers, which are the messages you are most likely to encounter. However, if you receive a message telling you that a message you sent to another Computer Science account was infected, you can safely assume this didn't originate from a machine within the School. All our internal mail is handled within the School and will never pass through the campus servers.
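
The header check described above can be scripted. The following is an added example, not part of the original FAQ: it reads the Received lines quoted in a notification and reports the client IP recorded by the last relay you trust, ignoring anything below it that the sender could have forged. The hostnames, addresses, TRUSTED_RELAYS and MY_NETWORKS are assumptions made up for illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Constructed sample headers (example domains, RFC 5737 documentation addresses).
# The bottom Received line is a forgery inserted by the sending machine.
SAMPLE_HEADERS = """\
Received: from mx.campus.example (mx.campus.example [192.0.2.10])
\tby mail.recipient.example with ESMTP id A1; Mon, 2 Feb 2004 10:00:05 +0000
Received: from unknown-pc (dsl-host.isp.example [203.0.113.77])
\tby mx.campus.example with SMTP id B2; Mon, 2 Feb 2004 10:00:01 +0000
Received: from my-own-pc ([198.51.100.5])
\tby fake-relay.example with SMTP id C3; Mon, 2 Feb 2004 09:59:58 +0000
From: you@cs.example
Subject: hello

"""

# Assumptions: relays whose Received lines you trust, and networks you send mail from.
TRUSTED_RELAYS = {"mail.recipient.example", "mx.campus.example"}
MY_NETWORKS = [ip_network("198.51.100.0/24")]

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # IPv4 only
BY_HOST = re.compile(r"\bby\s+(\S+)")

def originating_ip(raw_headers, trusted=TRUSTED_RELAYS):
    """Client IP recorded by the last trusted relay, or None if there is none."""
    origin = None
    # Relays prepend their Received line, so iteration runs newest to oldest.
    for header in message_from_string(raw_headers).get_all("Received", []):
        by = BY_HOST.search(header)
        if not by or by.group(1).lower() not in trusted:
            break  # written by an unknown host: this line and older ones may be forged
        ip = IP_IN_BRACKETS.search(header)
        if ip:
            origin = ip_address(ip.group(1))
    return origin

def sent_from_my_machine(raw_headers, my_networks=MY_NETWORKS):
    """True or False when the origin is known; None when the headers do not say."""
    origin = originating_ip(raw_headers)
    if origin is None:
        return None
    return any(origin in net for net in my_networks)

if __name__ == "__main__":
    print("Origin recorded by trusted relay:", originating_ip(SAMPLE_HEADERS))
    print("Sent from one of my machines:", sent_from_my_machine(SAMPLE_HEADERS))
```

A result of None corresponds to the case noted above where the notification does not include enough header information to tell.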

How can I prevent my machine from becoming infected?
There are a number of precautions you can take:

Avoid using a Windows email client

Since email viruses generally only exploit Windows machines, using a Linux mail client ensures complete protection.
However, we appreciate that this isn't feasible for many users.

Be careful when opening attachments!

The majority of email viruses require the user to open an attachment (often a zip file) to infect the machine.
Treat all attachments with suspicion and delete anything you are not completely sure is safe.

Ensure your virus scanner is updated

Ensure that auto-updates are enabled on your virus scanner.
Try to avoid staying logged in for extended periods of time.