Virus/Malware

Tens of thousands of viruses and other malware exist, with more being created each day. Computer viruses today can cause a great amount of damage by exploiting vulnerabilities in corporate networks, email systems and Web sites.

OfficeScan can perform several actions against files infected with the following virus/malware types:

Virus/Malware Type

Description

Available Scan Actions

Joke program

A joke program is a virus-like program that often manipulates the appearance of things on a computer monitor.

For Manual Scan and Scheduled Scan:

For Real-time Scan:

Trojan horse

A Trojan horse is an executable program that does not replicate but instead resides on computers to perform malicious acts, such as opening ports for hackers to enter. This program often uses Trojan ports to gain access to computers. An application that claims to rid a computer of viruses when it actually introduces viruses to the computer is an example of a Trojan program. Traditional antivirus solutions can detect and remove viruses but not Trojans, especially those already running on the system.

Virus

A virus is a program that replicates. To do so, the virus needs to attach itself to other program files and execute whenever the host program executes.

  • ActiveX malicious code: Code that resides on Web pages that execute ActiveX™ controls

  • Boot sector virus: A virus that infects the boot sector of a partition or a disk

  • COM and EXE file infector: An executable program with a .com or .exe extension

  • Java malicious code: Operating system-independent virus code written or embedded in Java™

  • Macro virus: A virus encoded as an application macro and often included in a document

  • VBScript, JavaScript, or HTML virus: A virus that resides on Web pages and downloads through a browser

  • Worm: A self-contained program or set of programs able to spread functional copies of itself or its segments to other computers, often through email

Test virus

A test virus is an inert file that is detectable by virus scanning software. Use test viruses, such as the EICAR test script, to verify that the antivirus installation scans properly.

Packer

Packers are compressed and/or encrypted Windows or Linux™ executable programs, often a Trojan horse program. Compressing executables makes packers more difficult for antivirus products to detect.

Others

"Others" include viruses/malware not categorized under any of the virus/malware types.

Probable virus/malware

Suspicious files that have some of the characteristics of virus/malware are categorized under this virus/malware type. For details, see the Trend Micro Virus Encyclopedia.

  • Note: Clean cannot be performed on probable virus/malware, but the scan action is configurable.

For Manual Scan and Scheduled Scan:

For Real-time Scan:

Network Viruses

A virus spreading over a network is not, strictly speaking, a network virus. Only some of the virus/malware mentioned above, such as worms, qualify as network viruses. Specifically, network viruses use network protocols, such as TCP, FTP, UDP, HTTP, and email protocols to replicate. They often do not alter system files or modify the boot sectors of hard disks. Instead, network viruses infect the memory of client computers, forcing them to flood the network with traffic, which can cause slowdowns and even complete network failure. Because network viruses remain in memory, they are often undetectable by conventional file I/O based scanning methods.

The OfficeScan firewall works with the Common Firewall Pattern to identify and block network viruses.
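
A check for the test virus entry above, as an added example that is not part of the OfficeScan documentation: it writes the standard EICAR test file and reports whether a real-time scanner blocked, removed or altered it. The function names, outcome labels and file name are assumptions of this example; which outcome appears depends on the configured scan action.

```python
import os
import tempfile
import time

# The 68-byte EICAR test string, split in two so a scanner does not flag
# this script itself before it runs. The file it produces is inert.
_PARTS = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-",
          r"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")


def eicar_bytes():
    return "".join(_PARTS).encode("ascii")


def check_realtime_scan(directory=None, wait_seconds=5.0, poll=0.5):
    """Drop the test file and report how the on-access scanner reacted.
    "blocked-on-write": creating or writing the file was denied
    "removed":          the file vanished (deleted or quarantined)
    "blocked-on-read":  the file exists but reading it is denied
    "altered":          the content no longer matches what was written
    "not-intercepted":  the file stayed intact; nothing acted on it
    """
    directory = directory or tempfile.gettempdir()
    if not os.path.isdir(directory):
        raise NotADirectoryError(directory)
    path = os.path.join(directory, "eicar_check_%d.com" % os.getpid())
    payload = eicar_bytes()
    try:
        try:
            with open(path, "wb") as fh:
                fh.write(payload)
        except OSError:
            return "blocked-on-write"
        deadline = time.monotonic() + wait_seconds
        while True:
            try:
                with open(path, "rb") as fh:
                    if fh.read() != payload:
                        return "altered"
            except FileNotFoundError:
                return "removed"
            except OSError:
                return "blocked-on-read"
            if time.monotonic() >= deadline:
                return "not-intercepted"
            time.sleep(poll)
    finally:
        try:
            os.remove(path)  # clean up if the scanner left the file behind
        except OSError:
            pass
```

A result of "not-intercepted" on a client where Real-time Scan is expected to be active means the scan settings or exclusions for that folder need review.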
