Seen any .dot files? If so, you probably have a macro virus infection

One of the most prevalent viruses today, the Microsoft Word.Concept macro virus, is also
one of the least harmful, but you still need to protect your agency's systems against it.


Macro viruses increasingly are infecting systems through common applications such as
Word and Lotus Notes on any platform where they run.


Using the application's internal script capabilities, these viruses can affect not only
the application in question but the entire computer system as well. They're limited only
by the power of the scripting language.


Usually such viruses spread through
e-mail attachments, but any mode of transmission carries risks.


A file infected by a macro virus may open just fine, but the problems show up later.


Search your directories for .dot extensions on files that should not be template
files, a sure tip-off that you've got the Word.Concept virus (see story, Page 46).


Concept adds a macro to Word's normal.dot template file. Then it keeps changing
everything else you save into template files, which also will contain the virus.


One quick fix for this is to change the access rights to normal.dot to read-only so
that it can't be overwritten.
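The directory search and the read-only fix described above, as a short Python sketch. It is an added example, not part of the original column or of any product it mentions; the function names and the list of approved template directories are assumptions made for illustration, and the sample tree is constructed.

```python
import os
import stat
import tempfile
from pathlib import Path

WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH

def find_suspect_templates(root, template_dirs=()):
    """Return .dot files under root that sit outside the approved template dirs."""
    allowed = [Path(d).resolve() for d in template_dirs]
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        here = Path(dirpath).resolve()
        if any(here == a or a in here.parents for a in allowed):
            continue  # legitimate template location, e.g. where normal.dot lives
        # Compare case-insensitively: DOS/Windows names are often upper case.
        hits += [here / f for f in files if f.lower().endswith(".dot")]
    return sorted(hits)

def is_read_only(path):
    """True when no write bit is set (the read-only attribute on Windows)."""
    return not os.stat(path).st_mode & WRITE_BITS

def make_read_only(path):
    """Clear every write bit so the template cannot be overwritten in place."""
    os.chmod(path, os.stat(path).st_mode & ~WRITE_BITS)

def demo():
    """Run both checks on a constructed directory tree (sample data, not real files)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "templates").mkdir()
        (root / "docs" / "budget").mkdir(parents=True)
        normal = root / "templates" / "normal.dot"
        samples = [normal, root / "docs" / "memo.doc",
                   root / "docs" / "report.dot", root / "docs" / "budget" / "FY97.DOT"]
        for p in samples:
            p.write_bytes(b"constructed sample")
        suspects = [p.name for p in find_suspect_templates(root, [root / "templates"])]
        before = is_read_only(normal)
        make_read_only(normal)
        return suspects, before, is_read_only(normal)

if __name__ == "__main__":
    print(demo())
```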


Other macro viruses are more vicious, attacking your directories and files. Avoid them
any way you can, preferably through a proactive computer security policy at your site.


How do you guard against virus entry? Anti-virus software at your desktop and server,
as well as e-mail gateways, stop most viruses before they get into a place where they can
damage or change files.


Make sure the scanner software can scan within compressed or encrypted files.
Otherwise, the scanner will miss viruses that lie in wait until the files are opened.


The Internet has rapidly overtaken the floppy disk as the digital vandal's favorite
delivery mechanism. It's fast, it's global and new environments like ActiveX and Java
applets open new opportunities for malicious code.


Macro viruses hitchhiking on e-mail attachments can spread like wildfire if they enter
internal networks.


Protect your agency by making a thorough investigation of its networked systems. One
size doesn't always fit all. At a minimum, look for an anti-virus gateway that does these
things:


After considerable research, I've found that Trend Micro Inc. of Cupertino, Calif.,
makes the three-in-one InterScan E-Mail VirusWall, which fills the bill on all counts
listed above.


VirusWall provides comprehensive, integrated virus detection and removal. It excels at
blocking malicious ActiveX or Java applets and also scans outbound mail. All three of its
programs use the same interface and virus-detection engine to ensure consistent reporting
and ease of administration.


E-Mail VirusWall detects and removes viruses traveling via Internet e-mail. Web
VirusWall optionally blocks Java applets, ActiveX objects, and unsigned or signed software
programs in HTTP transfers. Finally, FTP VirusWall takes care of viruses hidden inside
Internet file transfers.


I downloaded a trial version of VirusWall from the company's World Wide Web site at http://www.antivirus.com and installed it on a
Microsoft Windows NT server. There's also a version for the SunSoft Solaris operating
system.


VirusWall was very easy to set up, taking about 20 minutes. It has an intuitive interface
and simple, one-screen access to scanning rules. With the Web-based configuration program,
you can change parameters for virus scans and look at specific portions of the ample
activity logs.


It's easy to quarantine and clean infected files, and virus updates arrive
automatically. At $1,435 for a 100-user license, VirusWall isn't expensive. As an added
cost-saving measure, it can run as an NT service and sit on a Simple Mail Transfer
Protocol server.


Charles S. Kelly is a computer systems analyst at the National Science Foundation. You
can e-mail him on the Internet at ckelly@msn.com. This column expresses his personal
views, not the official views of NSF.

