Virus Reporting and Response Procedures


How do I report an infected university-owned computer?

  1. Shut down your computer as quickly as possible.
  2. Contact your LAN Coordinator with detailed information on why you suspect the computer is infected.
  3. If your LAN Coordinator is not available or you do not have one, contact the ITS Service Desk at 756-7000. Based on the availability of staffing and severity of impact, technical staff will respond to your service request.
  4. Once the infection has been successfully removed, use update to download and install the latest security patches for your computer and review and adjust your computer's firewall or other security settings.

How do I report an infected off-campus or personal computer?

  1. Shut down your computer as quickly as possible.
  2. From another computer, download the latest version of your antivirus software to a removable storage device. Cal Poly users can obtain antivirus software at no charge via the Software Download channel on the Technology Tab in the My Cal Poly portal.
  3. Update the virus definitions and then scan the infected computer to remove any malware it finds.
  4. If you are unable to fix the problem yourself, consider using an off-campus computer repair service.
  5. Once the infection has been successfully removed, use update to download and install the latest security patches for your computer and review and adjust your computer's firewall or other security settings.

How do I report an infected email message?

If the originating machine is located at Cal Poly, the campus antivirus gateway has already identified the machine and reported it to the appropriate support staff for action. In most cases, the gateway will delete the infected attachment and add a warning to the message before it is delivered. Unless the message was sent by someone you know, your best course of action may be to delete it; however, if you want to report it, follow these instructions:

If the virus originated from off-campus and you wish to report it to the Internet Service Provider (ISP) of the infected machine, you will need to review the full message headers. The "Received:" headers provide the actual path of the message from the sending machine to its destination (read from bottom to top, start to end). The "From:" sender and return path headers may be forged and are not reliable on infected messages.

Once you have found the full headers, use this online header analysis tool to determine the originating ISP. Paste the headers into the text box and click the "Check Headers" button. The last IP address listed is usually the originating IP address. However, the "X-Originating-IP" header should also contain the IP address of the originating machine. Click the "Who Is" button matching that IP address to identify the ISP and their abuse contact information.

If the message originated from a machine at Cal Poly, no further action should be taken. If it originated from a machine off-campus, note the ISP and abuse contact information and see how to report a virus to an off-campus ISP.
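The header walk described above, as an added Python example that is not part of the original procedure or the online tool it mentions. The sample message, the host names and the `trusted_suffix` parameter (the domain of mail servers you control) are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample message: hosts and addresses are documentation values.
SAMPLE = """\
Received: from mx.example.edu (mx.example.edu [192.0.2.10])
    by mailbox.example.edu with ESMTP; Mon, 1 Jan 2024 10:00:03 -0800
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
    by mx.example.edu with ESMTP; Mon, 1 Jan 2024 10:00:02 -0800
Received: from [10.0.0.5] (cust-44.isp.example [203.0.113.44])
    by relay.isp.example with ESMTP; Mon, 1 Jan 2024 10:00:01 -0800
X-Originating-IP: [203.0.113.44]
From: "Someone You Know" <friend@example.org>
Subject: constructed test message
"""

INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([\w.-]+)")

def routable(text):
    """True for a valid IPv4 address outside RFC 1918 and loopback space."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL)

def hops(raw):
    """Received hops ordered from sending machine to destination."""
    msg = email.message_from_string(raw)
    out = []
    for value in reversed(msg.get_all("Received", [])):  # read bottom to top
        by = BY_HOST.search(value)
        ips = [ip for ip in BRACKETED_IP.findall(value) if routable(ip)]
        out.append({"by": by.group(1) if by else None, "ips": ips})
    return out

def analyze(raw, trusted_suffix):
    """trusted_suffix: domain of mail servers you control (an assumption here)."""
    path = hops(raw)
    claimed = next((h["ips"][-1] for h in path if h["ips"]), None)
    handoff = next((h["ips"][-1] for h in path if h["ips"] and h["by"]
                    and h["by"].endswith(trusted_suffix)), None)
    xoip = BRACKETED_IP.search(email.message_from_string(raw).get("X-Originating-IP", ""))
    return {"claimed_origin": claimed, "verified_handoff": handoff,
            "x_originating_ip": xoip.group(1) if xoip else None}
```

`claimed_origin` is the bottom-most routable address, the one the procedure above looks for; `verified_handoff` is the address recorded by your own mail server, which the sender cannot forge. When the two point to different networks, the lower "Received:" lines may have been inserted by the sender, so base the report on the verified address.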

If you have questions regarding these procedures, contact abuse@calpoly.edu.

If the infected computer is not on-campus, how do I report it to an off-campus Internet Service Provider (ISP)?

For most well-known ISPs (e.g., Google, Earthlink, Verizon, Yahoo, Hotmail), forward the message, including full headers, to "abuse" for that ISP, e.g., abuse@verizon.net, abuse@yahoo.com, abuse@charter.net. For lesser-known ISPs, forward the message and full ARPA headers to "abuse" and "postmaster" for that ISP, e.g., abuse@blah.net and postmaster@blah.net. We recommend not reporting messages originating overseas unless they come from a well-known ISP. If you have questions regarding these procedures, contact abuse@calpoly.edu.

How does Cal Poly handle a potentially infected computer on its network?

If a computer connected to the Cal Poly network is suspected of being infected based on reports from internal and/or external sources, Information Technology Services (ITS) will immediately block the computer or user from accessing the network. The LAN Coordinator and/or individual user will be notified and ITS will advise them on how to proceed. Once the computer is confirmed to be clean of viruses and updated with the latest operating system patches and antivirus software and definitions, ITS will restore network access. This process is necessary to prevent the spread of malware to other computers.
