More on this Feature • Prevent Email Viruses • Outlook Express Rules • Outlook Rules

Related Resources • Part 1: Sircam Virus • Part 2: SirCam Removal • Part 3: SirCam Removal • Email Help Center • Virus Encyclopedia • Glossary of terms

The SirCam virus continues to flow into users' inboxes, disrupting normal email use and increasing the likelihood of infection. One frustrated couple in Australia reported that SirCam attachments were coming in at such a high rate they were quickly exceeding the 15Mb limit imposed by their ISP. To reduce the bandwidth consumption and keep their mailbox below capacity, the enterprising couple had resorted to logging into their account hourly via the web mail interface, deleting any SirCam emails before accessing their account through their regular mail client. (Attempts to persuade their ISP to block the sender had failed, as had attempts to email the sender).

With such widespread use of antivirus software, one has to question the ever increasing numbers of infection and the associated damage costs - last year conservatively estimated at $17 billion. In most cases, it is simply a matter of speed. New threats traveling via email simply travel much faster than a signature update can. However quickly vendors move to make these updates available, containment is difficult. To make matters worse, all antivirus is not created equal. While SirCam got a bit of a foothold in the hours and days before detection was made available, some antivirus products are still stymied by it, worsening the problem. McAfee VirusScan has two settings that can thwart detection of the virus - their habit of excluding the Recycle Bin from scans and the lack of .PIF and .LNK extensions in their scan list. Thus, unless users fully understand the SirCam threat and the capbabilities of their antivirus protection, even constant updating won't be enough to protect them from infection.

Fortunately, there are steps you can take to prevent SirCam, and other email-borne threats, from ever winding up in your inbox. By keeping threats out of email, signature updating becomes a much more effective strategy. The simplest, most effective method to protect against email-borne threats involves the use of filtering software. Though historically focused at the gateway level, a new product, MailDefense, provides desktop users with a means to easily remove harmful executable-type attachments and other active content from email. Highly effective against both known and unknown threats, such filtering packages alleviate the need to become an overnight security expert just to enjoy safely sending and receiving email. MailDefense quarantines executable file types, removes macros from Microsoft® Office files, and strips scripts and ActiveX controls from email messages.

You can bypass the protection offered by filtering and elect to manually configure your mail client to stop specific threats. However, protection offered by the email client varies. For example, Eudora® and AOL® simply display a message when certain attachment types are received, still giving the user full access to the attachment. AOL provides a "Don't show this message again" option, which makes it likely to be disabled and never again seen by users. Microsoft® Outlook and Outlook Express email clients provide message rules that can be configured to block individual viruses. However, the rules must be setup exactly right or the virus will be allowed through. Configuring message rules also requires specific knowledge of the virus' characteristics - thereby effective against known threats only.