Tech Tip – Summer 2004
Q. Why is it important to use LISTSERV's integrated virus protection? Isn't it enough to have an anti-virus solution on the SMTP server or on the server where LISTSERV is running?
Answer by Françoise Becker
VP of Software Engineering
The cost incurred by a virus sent through a mailing list is far greater than just the cost of cleaning up the virus on the organization's servers and workstations. A virus spread through a list damages an organization's reputation by undermining subscriber confidence.
To date, LISTSERV is the only list management software that has integrated virus protection. It is important for several reasons to have virus protection that is integrated rather than merely co-existent.
A non-integrated anti-virus solution cannot check every message that goes through LISTSERV. An anti-virus solution placed on the incoming SMTP server will not catch viruses in messages submitted through the Web interface. A non-integrated anti-virus solution placed on the LISTSERV server cannot detect viruses in messages as they are being processed by LISTSERV since they may never be stored on the disk in a way that the virus checker will recognize, even if it is set to check every file type.
2. Web archives protection
When a virus is first launched, there is a time window of one to several hours until the new "virus signatures" are available. During that time, some infected messages may slip by all virus protection, integrated or not. If such a message is sent to an archived list, the message will stay in the archives long after the signatures are available. With integrated virus protection, the LISTSERV Web interface checks each message for viruses before displaying it, offering protection to anyone who browses the archives with the Web interface after the signatures are available.
F-Secure Anti-Virus is engineered for fast, automatic virus database updates, minimizing the initial time window when viruses can get through. It uses multiple scanning engines, providing LISTSERV lists with the best possible virus protection.
A non-integrated anti-virus program is inefficient, wasting resources by checking each message many times – once when the message comes in, and many times afterwards as the message is distributed to recipients on its way out. LISTSERV's integrated anti-virus feature checks each and every message once, efficiently using system resources while providing the highest protection.
4. Contextual Feedback
When LISTSERV detects a virus, it stops the virus from spreading, and the sender is notified about what happened. With non-integrated anti-virus solutions, an infected post sent to the list may seem to the sender to disappear mysteriously. Alternatively, if the anti-virus application is set up on the SMTP server to send warnings back to the sender, it can flood the sender with a multitude of warnings if the virus is caught after the single message has been turned into multiple messages for distribution to the list.
With integrated virus protection, LISTSERV can keep track of all the virus-infected messages that it has processed. Available anti-virus activity reports include:
- The number of messages that were scanned for viruses
- The number of viruses that were found
- The number of infected messages that would have been distributed if LISTSERV had not stopped them
- It is also possible to drill down to each virus-infected message that was stopped to find:
- The name of the virus
- The date and time it was received
- The list (if any) to which the virus was directed
- The number of recipients who would have received the virus if it had not been rejected
The reports of individual viruses can be downloaded as a CSV file that can be opened in a spreadsheet or other program for further analysis.