Proposed AV policy, and some implementation suggestions, below. Comments please?

Cheers, Paul

Paul Szabo - psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia

-----

The University asserts its right to examine ("scan") for viruses and similar illegal content all email messages carried over its networks (including messages sent from the outside, internally, and to the outside). The University asserts its right to delete or alter messages that, in its discretion, are suspected of containing viruses or similar illegal content. The University takes all reasonable steps to ensure that legitimate, legal messages are delivered in a timely manner, though it reminds users that email is not a "guaranteed delivery" medium (cf RFC1047: any others??).

The University requires all email messages to be scanned for viruses and similar illegal content. Messages verified harmless are allowed through unchanged. Messages containing known viruses or malicious content are "cleaned"; when that leaves an empty message, the message may be deleted or may be replaced with a warning message. Messages with potentially harmful content are rendered harmless ("defanged") and sent along, with suitable warnings and instructions on how to recover the original message. This includes all messages not classified and handled above; examples are malicious MIME, HTML or XML constructs, clsid or executable objects, and content designed to exploit vulnerabilities in email clients. Instructions on how to recover the original message will be provided together with the warnings in the modified message, for when the recipient can independently verify and is satisfied of the legitimacy of the message. Because of the difficulty in determining the actual sender (messages may be forged, and in fact many viruses forge the sender address), the scanner process will never send anything back to the sender.
The University will set up the central mail server ("mail.usyd") to scan, as described above, all messages passed through it. Funding for establishing and maintaining this service will be provided centrally. This scanning service may then be used by the whole University community. Departmental mail servers may relay all incoming or outgoing messages through mail.usyd via configuration settings (technical details available on request); departmental servers or individual users may also relay select messages through mail.usyd.

Departmental mail servers may use the services of mail.usyd to scan messages, or may implement their own scanning procedures. Departmental scans must be consistent with the requirements above, and must be as thorough as the scan on mail.usyd (technical details available on request). Funding for establishing and maintaining such departmental scanners would be provided by each department.

The University will maintain a list of recommended mail client software, with documentation on how to configure them to best deal with email viruses and other security attacks. Funding for maintaining this list and documentation will be provided centrally. Members of staff should only use one of the recommended mail clients, and follow its recommended configuration.

The University intends to occasionally run courses on mail security, both for CSOs and for the general University community. Documentation on mail viruses should be given to each member of staff when they commence work. Funding for these courses and maintenance of the documentation will be provided centrally.

-----

Implementation details (not part of policy):

Take most bits of the original header but skip MIME-related lines, and make up a new body something like:

# You were sent a virus or suspicious message:
# (list problems found)
# so mail.usyd has transformed it as below, adding this warning.
# Please scrutinize the message, including its headers, below.
#
# Unless you are satisfied that the message is in fact harmless, probably you
# should simply delete it. You may want to warn the sender that they sent you
# a suspicious message; but beware that the message may have been forged, and
# even a careful examination of the headers may not show the real sender.
#
# If you were expecting such a message from this sender, and are satisfied
# that the message is not a forgery and is harmless, then follow the
# instructions at the end to restore the message to its original form.
# BEWARE: doing so exposes your computer to risks: you are relying on the
# benevolence and skill of the sender not to take over your computer.
#
# Original message:
# (all prepended with '## ')
#
## (empty line)
## (UNIX "From " line)
## All original headers
## (empty line)
## Original body
## (empty line)
#
# Instructions to restore message
#
# Restoring this message involves three steps:
# (1) Save this message as a file
# (2) Remove encodings added by mail.usyd
# (3) Re-read file into mail client
#
# Each of these steps depends on what type of computer or mail client
# software you use.
#
# (1) Save this message as a file
#     For UNIX mail: use "s N filename" where N is the message number
#     For Netscape: click on File->SaveAs and choose filename
#     For Eudora: click on File->SaveAs and choose filename
#     For Outlook etc: ??to be filled in??
# (2) Remove encodings added by mail.usyd
#     For UNIX computers: use the (shell) command
#         perl -i -ne 'print if s/^## //' filename
#     or maybe, if perl is not available, then use
#         sed -ne 's/^## //p' filename > newfile; mv newfile filename
#     For Windows PCs: ??to be filled in??
#     For Macintosh: ??to be filled in??
# (3) Re-read file into mail client
#     For UNIX mail: use the shell command
#         mail -f filename
#     For Netscape: ??to be filled in??
#     For Eudora: ??to be filled in??
#     For Outlook etc: ??to be filled in??
#
# WARNING -- WARNING -- WARNING
#
# Instructions to restore message: see above.
#
# Ensure that it is safe to restore this message. Should this message in fact
# be malicious, it could take over your computer and do anything it wanted,
# including: erase or modify all your files and configuration settings; send
# copies of confidential files to anyone; send rude email messages (appearing
# to come from you) to all your friends.
#
# WARNING -- WARNING -- WARNING
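As an added illustration of the transformation sketched above (example code written for this page, not part of Paul's proposal or of any mail.usyd software), the following Python builds the "defanged" wrapper from a raw message and undoes it again; the set of MIME header fields dropped, the "#   " indentation of the problem list and the two sentinel "## " lines are assumptions of this example.

```python
import re

# Header fields dropped from the wrapper's own header block so that the
# wrapper is delivered as plain text and no client interprets the original
# MIME structure; the original lines still survive inside the '## ' block.
MIME_HEADER_RE = re.compile(r"^(mime-version|content-[a-z-]+):", re.IGNORECASE)

WARNING = (
    "# so mail.usyd has transformed it as below, adding this warning.\n"
    "# Please scrutinize the message, including its headers, below.\n"
    "#\n# Original message:\n# (all prepended with '## ')\n#\n"
)

def strip_mime_headers(header_block: str) -> str:
    """Drop MIME-related header fields, including their folded continuations."""
    kept, skipping = [], False
    for line in header_block.split("\n"):
        if line[:1] in (" ", "\t"):          # continuation of the previous field
            if not skipping:
                kept.append(line)
            continue
        skipping = bool(MIME_HEADER_RE.match(line))
        if not skipping:
            kept.append(line)
    return "\n".join(kept)

def defang(raw: str, problems: list) -> str:
    """Build the warning message sketched in the proposal: the original
    headers minus MIME fields, a '# ' commented explanation, and the whole
    original message (including any UNIX 'From ' line) prefixed with '## '."""
    header_block = raw.partition("\n\n")[0]
    quoted = "\n".join("## " + line for line in raw.split("\n"))
    body = "# You were sent a virus or suspicious message:\n"
    body += "".join("#   " + p + "\n" for p in problems)   # assumed layout
    body += WARNING + "## \n" + quoted + "\n## \n"          # sentinel lines
    return strip_mime_headers(header_block) + "\n\n" + body

def restore(wrapped: str) -> str:
    """Undo defang(): keep only '## ' lines and strip the prefix, like the
    perl one-liner in the proposal. A bare '##' is accepted too, because some
    clients trim the trailing blank that marks an originally empty line."""
    lines = []
    for line in wrapped.split("\n"):
        if line.startswith("## "):
            lines.append(line[3:])
        elif line == "##":
            lines.append("")
    return "\n".join(lines[1:-1])      # drop the two sentinel '## ' lines
```

The restore step deliberately accepts a bare "##", which the page's sed and perl one-liners do not: a client that strips trailing whitespace would otherwise lose every blank line of the original, including the header/body separator.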