Problem solve Get help with specific problems with your technologies, process and projects.

Applying gateway products to stop malware

I am using Symantec Norton antivirus solution with the latest update. I don't have any protection on my gateways. We were recently attacked with the Nimda virus. I cleaned it, applied the Microsoft patch, but again and again we are getting that virus, even though I have configured it for quarantine. Why should that virus come again and again? Is there any permanent solution other than applying gateway products?

Malicious code, which is designed to probe for weaknesses and spread by constantly attempting to infect systems, will not go away or stop its activity once you have protected or patched your system.

The only way to stop the probes is by using something to filter them out, at the firewall or gateway level, as you suspected. Otherwise, they will continue to seek out weaknesses in your system and nothing you do at the desktop level will have any impact on them.

For example, I got tired of Sircam and Yaha-infected mail coming to me. I used a spam filter on the mail server to block incoming mail containing subject lines which correspond to these messages. Voila, no more infected e-mails of that type. The same idea can be applied to your case.

For more information on this topic, visit these other SearchSecurity.com resources:
  • Executive Security Briefing: Virus management: Never a dull moment
  • News & Analysis: To block, or not to block at the gateway
  • Virus Prevention Tip: Adding to antivirus software

  • This was last published in February 2003

    Dig Deeper on Malware, virus, Trojan and spyware protection and removal

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.