More on this Feature • Prevent Email Viruses • Outlook Express Rules • Outlook Rules

Related Resources • Part 1: Sircam Virus • Part 2: SirCam Removal • Part 3: SirCam Removal • Email Help Center • Virus Encyclopedia • Glossary of terms

ZoneAlarm Pro, the professional version of the popular ZoneAlarm Personal firewall, provides a MailSafe option which renames certain executables to a registered ZoneAlarm extension. Thus, if certain types of executables are received in email, the user will not be able to open them without first answering a series of prompts provided by the firewall.

Unfortunately, keeping email safe from viral attack is not as simple as blocking specific extensions. Script worms such as Kak can only be stopped by applying specific patches and configuring the mail client appropriately, or by using a filtering product to automatically remove all scripts for you. The Email Help Center provides specific details on securing Microsoft® mail clients against scripted threats for those who choose not to use filtering products. A third email-borne threat, macro viruses constitute a large percentage of all active viruses. Email clients and firewall products have no built in defense against the threat of macros, leaving filtering software as the most viable means of protection. Whether via filtering software or manually configuring rules, keeping viruses out of the inbox is the most important viral defense strategy against email-borne threats.

Of course, properly configured and updated antivirus software is also a necessity. Make sure you are familiar with the antivirus product you use and are aware of any areas of your system which might be automatically excluded from scanning protection. Also ensure that the extension list is actually representative of threats that are likely to be encountered. At a minimum, the extension list should include: acm, acv, bat, chm, cla, cmd, com, cpl, crt, dll, doc, dot, eml, exe, hlp, hta, htm, html, inf, ins, isp, js, jse, lnk, msc, msg, msi, msp, ocx, pif, ppt, reg, scr, sct, shb, shs, sys, vbe, vbs, wsc, wsf, wsh, xls, xlt. http://filext.com/ is a great resource for looking up file extension descriptions and the programs to which they are registered.

If you are not familiar with the workings of your antivirus product and don't know how to check the exclude or extension list, contact your antivirus vendor or post a message in the antivirus help forum for assistance.

In summary, email is a widely available tool that has equally wide consequences if used inappropriately. It is this inappropriate use the virus writers are counting on to spread their wrath. If filtering software is not your cup of tea, familiarize yourself completely with the advice laid forth in Protecting Your Organization From Electronic Message Viruses by Robert Grupe, a Senior Product Manager at McAfee. These are the critical steps you will need to take if you choose to email without proper protection, along with the tips outlined in this article and in the Email Help Center.