
IMPORTANT NOTE: This page documents anti-virus procedures used until March 30, 2006. Please see http://www.utoronto.ca/ns/antivirus after that date.

UTORmail: Virus Filtering

Overview

To reduce the amount of virus-laden e-mail reaching your Inbox every day, Computing and Networking Services (CNS) has installed an anti-virus filter at the UTORmail post office.

The filter will remove all attachments that may contain a virus, and replace each attachment with advisory text explaining what happened. Removing the attachment neutralizes the virus, preventing infection and further propagation. The Subject line of these messages will also be altered to include the special tag "[PMX:suspect attachment]", which helps you quickly identify affected messages. The resulting message is then delivered to your junk-mail folder.
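The behaviour described above, sketched as an added example (not CNS's or the filter vendor's code). It assumes the decision is made on the attachment's filename extension, as the renaming FAQ below implies; the extension list, advisory wording, tag position and sample message are all constructed for illustration.

```python
from email import message_from_string, policy

TAG = "[PMX:suspect attachment]"                 # Subject tag quoted on this page
SUSPECT_EXTS = (".exe", ".scr", ".pif", ".vbs")  # assumed list, not UTORmail's
ADVISORY = 'The attachment "{name}" was removed by the anti-virus filter.'  # assumed wording

# Constructed sample message; the base64 body is harmless placeholder text.
SAMPLE = """\
From: sender@example.org
To: user@utoronto.ca
Subject: Your document
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached file.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="document.pif"
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQgU0FNUExF
--b1--
"""

def filter_message(raw):
    """Return (filtered message, delivery folder, removed attachment names)."""
    msg = message_from_string(raw, policy=policy.default)
    removed = []
    for part in list(msg.walk()):
        name = part.get_filename()
        if name and not part.is_multipart() and name.lower().endswith(SUSPECT_EXTS):
            removed.append(name)
            # set_content() clears the old payload and Content-* headers first,
            # so the attachment becomes a plain-text advisory part.
            part.set_content(ADVISORY.format(name=name))
    if not removed:
        return msg, "INBOX", removed          # clean mail is delivered normally
    subject = msg["Subject"] or ""
    del msg["Subject"]
    msg["Subject"] = f"{TAG} {subject}".strip()  # tag placement is an assumption
    return msg, "junk-mail", removed

if __name__ == "__main__":
    filtered, folder, names = filter_message(SAMPLE)
    print(folder, names)
    print(filtered.as_string())
```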

Messages older than seven days will be regularly deleted from your junk-mail folder. You must regularly check your junk-mail folder for good messages that were misclassified and move them to your inbox.

IMPORTANT NOTE: Only messages from other post offices are filtered. Messages sent from one UTORmail customer to another using a campus network connection or UTORdial are NOT filtered. If you receive a virus internally, please report the virus to security.admin@utoronto.ca. You will need to send the security administrator the full header of the message in question. The full header is required in order to track the message's point of origin. Instructions for viewing the full header of a message are available under the E-mail Security section of UTORprotect.

Frequently Asked Questions

What are viruses and where do they come from?
Visit the 'Malicious Code' page under UTORprotect at Computing and Networking Services. It has lots of information about malicious programs, or "malware", such as computer viruses, worms, Trojans, spyware, and other programs written specifically to spy on network traffic, record private communications, execute unauthorized commands, steal and distribute private and confidential information, disable computers, erase files, and so on.

Why is an email virus filter at the post office necessary?
The vast majority of viruses originate and/or transmit themselves through email. Viruses are extremely destructive and can be responsible for data deletion, bandwidth congestion, and service infrastructure downtime. Recovering from the damage costs the University and its community time, effort, and money. 

If CNS is filtering viruses at the post office, do I still need to run anti-virus software on my computer?
Yes. The anti-virus filter at the post office does not replace the need to install and maintain up-to-date anti-virus software on your computer. The anti-virus filter and anti-virus software work together to give you the best possible protection against virus delivery and infection. To download Symantec® Norton Anti-Virus (NAV) software, please visit the University's UTORprotect site. The UTORprotect site is also an excellent resource on Best Practices for protection against viruses.

Do you notify the sender(s) of removed attachments?
No. Messages containing viruses usually bear forged e-mail addresses and bogus reply headers. Sending a notification simply compounds the problem by sending email to people who did not send the original message.

What if someone needs to send me a legitimate attachment? I need the attachment to arrive intact.
If you are expecting a legitimate attachment from someone outside of the UTORmail system and the attachment has a specific extension, you will need to ask the sender to rename the attachment before sending it so that it is not detected by the anti-virus filter. Once you receive the message with the renamed attachment, you will have to rename it again in order to view it. There is a trick if you are a Windows user, so it is important that you read the full renaming instructions. Renaming instructions for Macintosh users are also available.

Is anti-virus filtering the same as anti-spam filtering?
No. Spam is unsolicited email, often called junk mail. It is generally commercial in nature and considered a high volume nuisance. A virus, on the other hand, is considered 'malicious code' and is typically designed to cause harm to the recipient's computer. The only thing spam and viruses have in common is that both get filtered to your junk-mail folder. For more information on anti-spam filtering, please visit the UTORmail anti-spam page.

If both spam messages and messages with virus attachments are filtered to my junk-mail folder, how do I tell the difference?
Messages containing potential viruses can be identified by a special tag in the Subject line: "[PMX:suspect attachment]".

I can't find my junk-mail folder!
The junk-mail folder should appear and require no additional intervention. Should that not be the case, you may need to subscribe to junk-mail in order to see it. Please consult with an advisor at the Information Commons Help Desk for assistance in subscribing to the junk-mail folder. Call 416-978-HELP.

What happens if I accidentally delete my junk-mail folder?
Messages identified as carrying viruses will be delivered to your Inbox instead of the junk-mail folder. The suspected viral attachments will be removed and replaced with advisory text. These messages can be identified by a special tag in the Subject line: "[PMX:suspect attachment]".

Will my other email addresses also be filtered?
The anti-virus filter function only works on email handled by UTORmail. At present, only email arriving to addresses ending in @utoronto.ca can be filtered. Some departments run their own email systems independent of UTORmail. Messages going directly to such systems are not affected by this filter.

If I forward mail from my UTORmail address to another address, will viruses be filtered?
Yes, any suspected viral attachments will be removed, replaced with the advisory text and forwarded to your designated address.

What happens to anti-virus filtering when I go on vacation and set my auto-reply?
Messages with suspected viral attachments will continue to be routed to your junk-mail folder and deleted on a seven-day rotation cycle.

Will email be delayed as a result of the filtering?
There will be a moderate delay.

What if my email program is configured to use POP instead of IMAP?
The anti-virus filter works for both POP and IMAP. That said, POP is not a supported protocol. We strongly recommend converting to IMAP. For assistance, please consult with an advisor at the Information Commons Help Desk. Call 416-978-HELP.

Are any other Universities also blocking attachments?

Yes, here are some examples:

Blocking Unsafe E-mail Attachments - University of Denver

E-mail Filtering - Seattle Pacific University

Attachments that are blocked from e-mail accounts - Indiana University

Blocked Email Attachments - Rutgers University

Blocking File Attachments - University of Washington

I am technical staff, technically advanced or just curious about how the anti-virus filter works - where can I find more information?
Please visit our advanced explanation page.
