Implementing an antivirus solution

Applies to: Windows SBS 2003

Computer viruses can spread quickly and overwhelm network resources. Besides arriving through e-mail, a virus can propagate from services running on your server, from a shared folder on the network, from the Internet, or from infected files on removable media, such as floppy disks and CD-ROMs.

To help protect your local network from computer viruses, you need an antivirus solution that helps prevent unauthorized access to your network, server, and client computers. You also need to ensure that you have a good backup and recovery plan because you may need to restore the system to its state before the virus infection occurred.

Make sure that your antivirus software supports Exchange Server 2003 and supports the latest Microsoft Virus Scanning API. Evaluate how quickly various antivirus software vendors release updates. Also verify that your antivirus software is compatible with service packs and product updates.

Installing an antivirus package is only the first step. You should have a plan in place that describes how to protect your small business from viruses and how to react to and recover from a virus attack. When developing your plan, consider taking the following actions:

Install current antivirus software

Verify that all servers and client computers have the latest updates from the antivirus software vendor. New computer viruses are constantly emerging, and they can spread across the Internet within hours. If you do not have the latest protection, your organization is at risk of virus infection. Your scanning strategy should ensure that whenever you change the configuration of your server, such as upgrading the server or adding new applications, your antivirus software is current. Also, make sure you receive regular virus signatures from your vendors.

Block potentially dangerous attachments

Define which attachments should be blocked. Removing certain types of attachments from e-mail that arrives from the Internet helps to prevent a virus or malicious program from spreading to your local network. You can remove attachments in e-mail from the Internet by completing the Connect to the Internet task on the To Do List. For more information about connecting to the Internet, see Connect to the Internet. For more information about blocking e-mail attachments, see Add, edit, or remove attachments from Internet e-mail.
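The following added example (not part of the original page and not how Windows SBS implements the feature) shows the logic an attachment filter has to get right when deciding by file type. The extension blocklist and the sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage

# Assumed blocklist for illustration; the page does not name extensions.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".vbs", ".bat", ".pif", ".com"}


def is_blocked(filename):
    """Return True if the attachment name ends in a blocked extension."""
    # Windows ignores trailing dots and spaces in file names, so
    # normalise them away before comparing, and compare case-insensitively.
    name = filename.rstrip(". ").lower()
    dot = name.rfind(".")
    # Only the last extension decides how the file is opened:
    # "invoice.pdf.exe" is an .exe, not a PDF.
    return dot != -1 and name[dot:] in BLOCKED_EXTENSIONS


def strip_blocked_attachments(msg):
    """Remove blocked attachments in place; return the removed names."""
    removed = []
    # Snapshot the tree first because payload lists are replaced below.
    for part in list(msg.walk()):
        if not part.is_multipart():
            continue
        kept = []
        for child in part.get_payload():
            filename = child.get_filename()
            if filename and is_blocked(filename):
                removed.append(filename)
            else:
                kept.append(child)
        part.set_payload(kept)
    return removed


def build_sample():
    """Constructed sample message with one safe and two blocked attachments."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in ("notes.txt", "invoice.pdf.exe", "HOLIDAY.JPG.VBS."):
        msg.add_attachment(b"sample", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    message = build_sample()
    print("removed:", strip_blocked_attachments(message))
```

A filter that compares only the first extension, or compares case-sensitively, would let the second and third sample attachments through.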

Review security bulletins

In some cases, you might receive a warning about a new virus before an update to your antivirus software is available. First verify that the virus is genuine by checking with your antivirus software vendor. Some virus notifications might be hoaxes. For more information about reviewing security bulletins, see Keeping up-to-date on security information.

Develop a reaction plan

If an update is not yet available, develop a reaction plan to prevent the virus from accessing your local network. A reaction plan enables your organization to respond quickly and appropriately. Your plan should include the following actions:

  • Checking your antivirus software Web site to get details about how the virus infection is occurring.

  • Notifying appropriate parties, such as business owners or antivirus vendors, about the virus.

  • Blocking the virus by turning off the service that is infected by the virus.

  • Preventing further spread of the virus by making sure that users know what actions cause the virus to spread.

  • Deploying antivirus updates when available.

If a solution is not yet available from your antivirus software vendor, consider restricting the flow of e-mail to, from, and within your organization. For example, you can disable e-mail connectors and possibly network connections.

Develop a notification plan

After verifying that the virus is genuine, develop a plan to ensure that the following parties are notified:

  • Users—Provide users with instructions on how to prevent further spread of the virus.

  • Partners—Alert partners that you have received the virus and might have passed it to them.

  • Antivirus software vendors—Notify the antivirus software vendor about the virus.

Properly informed users can be the best defense against the continued spread of a virus. Make sure that users know what they should do if they receive e-mail messages containing a virus. Also, have a well-publicized plan for how your users should report suspected viruses. An uninformed user who opens an attachment containing a virus can spread the virus throughout your organization.

Suggestions for minimizing or stopping the threat of a virus follow:

  • A virus cannot damage computer systems unless it is executed. Instruct users to delete an attachment in an e-mail message that they suspect is infected.

  • If a virus threat occurs, send users a high-priority e-mail message describing the threat and the recommended action.

  • Send a high-priority e-mail message that describes the threat. If users know what to do, they can greatly reduce the spread of viruses.