The exchange of documents as Word Processor files (normally
Microsoft Word) on Web servers creates a substantial danger of spreading
viruses, particularly Word Macro viruses. This is a special problem where
all committee members have the ability to upload documents, and not all
may take adequate measures to detect and cure viruses.
The purpose of this information is to:
Traditional viruses are normally spread only through diskettes
and programme (.EXE) files. These viruses are unlikely to be spread through
the use of Web servers provided that the manager of the web server maintains
proper anti-virus measures.
The type of virus that is commonly spread through Web servers is the Word macro virus.
The macro virus works broadly as follows.
Some viruses do little more than propagate themselves.
Others are altogether nastier, and will delete &/or corrupt files. At
least one virus adds a password to files when saving!
You are strongly recommended to get a good up-to-date anti-virus
program. Regularly get updates to it, so that you can keep up with all the
new viruses coming along. When you install the program, ensure that it is
set up to check doc files. The default settings of some programs omit this.
You can download 30-day trial versions of the following general purpose anti-virus programs from the Web
It is essential that you use one of these systems for
These systems do contain some protection against macro viruses, but we recommend that you also take the following additional measures.
In addition we strongly recommend that you should use additional
specific protection against Word macro viruses. The main protection is to
use one of Microsoft's template utilities that detects the presence of macros
in any file that you attempt to open. There are the following versions:
Word 6 (all versions) and Word 7.0
Use Microsoft's SCANPROT.DOT template, which detects whether
a file contains any macros and asks you if you want to disable them.
Word 7.0a and above
These versions contain the equivalent of SCANPROT.DOT built
into the software, however you should ensure that the macro virus detection
facility is enabled ???????????
Other measures and Tips
Starting with Word 7.0a, as you open a file, Word now can
detect whether the file contains a macro, and offers you the choice of opening
the file with all macros deactivated. For any document whose origin is in
any way suspect, take this option. If you have an earlier version of Word,
it would be a good idea to upgrade to this version or later. (Quite apart
from all the bug fixes you'll get!)
You can access Microsoft's own information on macro viruses at the following location.
The Microsoft information includes links to a list of anti-virus products and vendors.
Any of the following may be an indication of a virus attack.
The list above just gives examples from a few of the more common viruses. Any kind of unexpected behaviour, particularly when opening, saving or closing files, should be treated as a possible sign of a virus attack.
It is fairly straightforward to see if you have been infected. With any document open, on the Tools menu, select Macros. If there are any macros in the list which you didn't put there yourself, particularly if they have names beginning with "File" or "Auto", then they are very probably from a virus.
If your Tools menu has disappeared or the Macros command has disappeared from the menu, then this is also a sign that a virus has hit. Some viruses do this to try and make it harder to fix the problem.
While you are waiting for your anti-virus program, you can do some emergency repairs yourself.
Note that the following instructions assume that you have written no macros of your own. Ways of adapting this to retain your own macros are given afterwards.
This last item is a useful check when you receive any document from someone else. It is completely independent of your anti-virus program, and should show up any virus, including one which the anti-virus people haven't found yet.
This gets a bit more tricky, but the same basic principles apply. You need to take these precautions.
A large part of this advice has been written by Jonathan West of Integrated Information Solutions Ltd and is reproduced with permission.
Return to TAPC Home Page