Communication Security: Remote Access and Messaging • Chapter 3  149

                 viewing the file, installing and/or running a program attached to the file, opening
                 an attached document, or decompressing a file.
                    Many e-mail software programs provide a “Preview” pane that allows users to
                 view message contents without actually opening it.This is a problem when viewing
                 HTML e-mail, which appears as a Web page and may contain malicious content.
                 Viewing HTML documents has the same effect as opening an HTML message.
                 Computers can then fall prey to any scripts, applets, or viruses within the message.
                 For protection, e-mail software should be set to view plaintext messages or anti-
                 virus software that scans e-mail before opening it.
                    Antivirus software provides real-time scans of systems regularly. For example,
                 Norton AntiVirus, McAfee Viruscan, Microsoft’s Forefront for Exchange Server,
                 and Trend Micro PC-cillin scan every four seconds for new e-mail messages with
                 attachments. If HTML content is part of the message, real-time scans also detect
                 viruses embedded in the message.Anti-virus software can be installed at the e-mail
                 server level as well, providing—in the case of Exchange—attachment and body
                 scanning of all messages in the Information Store, regardless of whether or not the
                 message has been delivered. Symantec Mail Security, McAfee Groupshield, and
                 TrendMicro ScanMail for Exchange all work on the Microsoft platform. Many
                 manufacturers, including McAfee,TrendMicro, and Symantec, have provided hard-
                 ware appliances that sit between routers, firewalls, and mail servers to scan mail
                 traffic destined for a company mail server, regardless of the OS or mail platform.


                 NOTE

                      For more information about the Melissa virus and other situations
                      where viruses have lead to criminal action, see Scene of the Cybercrime:
                      Computer Forensics Handbook (Syngress Publishing, ISBN: 1-931836-65-
                      5) by Debra Littlejohn Shinder.




                    Even if antivirus software is installed on a system, there is no guarantee that it
                 will actually catch the virus.As seen in the case of the Melissa virus, when people
                 downloaded the file called list.zip from the alt.sex newsgroup, they were infected
                 with the virus. Regardless of whether these people had antivirus software installed,
                 the signature files for the software did not have any data on the Melissa virus. Until
                 a virus is known and an antivirus solution is created, a virus can infect any com-
                 puter using antivirus software.





                                                                              www.syngress.com