FAQ - Email Virus Protection with MimeDefang

Table of Contents MimeDefang What is MimeDefang? Great, so now I can't get infected with a virus? Ok, but at least I don't have to worry about email viruses? How does the renaming actually work? What extensions triggers this renaming? What about Word and Excel files? I use those a lot.

Question 1.1 What is MimeDefang?

Email viruses propgate by tricking you to execute a virus-laden attachment. Some email programs are so "convenient" that they will execute the email attachement without your even having to click on it. Other times, a person clicks before he is even aware something might be amiss.

Email viruses are so endemic that we are taking automatic action. Most virus-laden attachments use uncommon file extensions to become executable. So we simply rename all such attachements to make them not executable. This way, the file is preserved, and if you want to get infected, you still can. But at least you'll have to opportunity to decide for yourself, and not get infected accidently.

Question 1.2 Great, so now I can't get infected with a virus?

WRONG!. Viruses spread in many ways, including Windows file sharing, malicious Web pages, network vulnerabilities in operating systems or applications, floppy disks. Even commercial shrinkwrapped CDROMs have, on rare occasions, carried viruses.

Question 1.3 Ok, but at least I don't have to worry about email viruses?

WRONG AGAIN! We only defang certain types of attachements, and then only if they pass through certain servers. True, you now don't have to worry as much about email viruses, but there is NO SUBSTITUTE for running your local anti-virus software (it's free!) and keeping it up to date

We think of this as E-Public Health. MimeDefang will sharply reduce the spread of most email viruses at UIC. It will not eliminate them, and will not provide 100% protection for any single individual. But by slowing any epidemic, we have more time to respond, and can keep the total infection much lower.

Question 1.4 How does the renaming actually work?

Suppose we notice an attachement whose filename is "prettypicture.gif.exe" The ".exe" part tells us it is executable, and since people do not normally share such files by email, we consider this attachement suspicious. So we tack on ".txt" so the filename becomes "prettypicture.gif.exe.txt"

No harm done, and we add a little blurb to your mail to alert you to this renaming. The advantage is that anything named "*.txt" is not executable, so you are protected. And if you really want to exectute it, just:

1. Save the attachement to disk, and you will create a file named "prettypicture.gif.exe.txt"
2. Scan this file with your anti-virus software to be sure.
3. Rename the file back to "prettypicture.gif.exe"
4. Now execute the file. Best 'o luck to you.

Question 1.5 What extensions triggers this renaming?

.ade .adp .asx
.bas .bat
.chm .cmd .com .cpl .crt
.exe
.hlp .hta
.inf .ins .isp
.js .jse
.lnk
.mdb .mde .msc .msi .msp .mst
.pcd .pif .prf
.reg
.scf .scr .sct .shb .shs
.url
.vb .vbe .vbs
.wsc .wsf .wsh
.zip

Question 1.6 What about Word and Excel files? I use those a lot.

Many people do, so we don't rename Word or Excel files. However, many Microsoft formats, such as Word and Excel, can contain macro viruses, and they are not safe.

We suggest NOT sending Word files by email unless you really need to. And do be careful about opening those that you receive. Remember, you rarely catch a computer virus from strangers; you catch them from good friends and relatives who have your email address in their address books when they get infected.

Need Additional Help?