Resources > Computer Support > Safe Computing > FAQ's About Viruses

Main | VPN | Computer Backup Policies | Safe Computing | Documentation | MS Office Tips

Frequently Asked Questions about Viruses

Virus incidents are on the rise here at LLE. If you think you have received a virus, please forward the message to Computer Support's virus@lle.rochester.edu. Do not delete the suspect message until Computer Support can look at your copy. In general, be extremely cautious when opening any e-mail attachment.

The following are frequently asked questions about receiving a virus via e-mail:

Q: What is an "incident"?
A: The easy answer is "Anything you want." Anytime you have a question about an e-mail message you should feel free to forward the message to the "virus" address. DO NOT delete a message that you forward to us until we have contacted you. This may seem counterintuitive, but in order for us to track down the source of a virus transmitted via e-mail, we have to be able to examine the entire message. Unfortunately, the act of forwarding a message does not (by default) pass on all of the message headers, and these headers help us determine the origin of a message.

Q: But isn't a virus dangerous sitting in my inbox?
A: No—only if you open any attachment(s) to the message. DO NOT OPEN THE ATTACHMENT(S)!

Q: I already clicked on an attachment that I think might be a virus. What should I do?
A: If you have actually opened an attachment that you now suspect has infected your machine you should unplug your machine from the network, if you know how. Immediately CALL anyone in the Computer Support Group or the on-call pager (9-1-877-504-6820).

Q: I received a message that warned me of some danger and urged me to do something to my system (such as deleting a file, forwarding the warning on to others, etc.). What should I do?
A: Forward the message to "virus@lle.rochester.edu" and do nothing else.

Q: When I attempt to forward the message to the virus address, Eudora says that it will have to download the attachments in order to forward it. Is that OK?
A: Yes. This only happens to people who are set up to use the IMAP protocol (rather than the POP protocol) to read their mail.

Q: Is there anything else I should include when I forward the suspected virus message?
A: The following (optional) additional information will prove useful:

• your telephone extension
• name of the (possibly infected) computer
• whether or not your OfficeScan software flagged the message (and if it did, what action it took)

Additional Info
In a strict sense, we are MOST interested in tracking down "uncaught incidents." An uncaught incident is when you receive an e-mail with an attachment that you feel is in any way suspicious but has NOT been reported by Trend OfficeScan.

If you have any virus-related question, please call or e-mail anyone in the Computer Support Group at any time.

• On-Call Pager
• Virus E-mail