Anti-Virus Protection Policy of Baghdad University

1 Overview
This policy is an internal IT policy which defines anti-virus policy on every computer including
how often a virus scan is done, how often updates are done, what programs will be used to
detect, prevent, and remove malware programs. It defines what types of files attachments are
blocked at the mail server and what anti-virus program will be run on the mail server. It may
specify whether an anti-spam firewall will be used to provide additional protection to the mail
server. It may also specify how files can enter the trusted network and how these files will be
checked for hostile or unwanted content. For example it may specify that files sent to the
enterprise from outside the trusted network be scanned for viruses by a specific program.

2 Purpose
This policy is designed to help prevent infection of Baghdad University
computers, networks, and technology systems by computer viruses and
other malicious code. This policy is intended to help prevent damage to user
applications, data, files, and hardware.

3 Scope
All faculty, staff, students; as well as vendors, contractors, partners,
collaborators and any others doing business or research with the University
that involves access to University computers, networks and/or technology
systems, will be subject to the provisions of this policy. Any other parties,
who use, work on, or provide services involving Baghdad University
computers, networks, and technology systems will also be subject to the
provisions of this policy.

4 Policy Statements

All computer devices connected to the Baghdad University network or

networked resources shall have anti-virus software installed and configured
so that the virus definition files are current, routinely and automatically
updated. The anti-virus software must be actively running on these devices.

All computers owned by the University and used by faculty and staff must
have the most recent version of anti-virus provided by the University
installed.

All PC's are to be configured such that they schedule regular operating
system updates as provided by the vendor (Windows updates).

Macintosh systems are to be configured to schedule regular updates from

the software manufacturer (Apple security updates).
Page 1

All files on computer devices will be scanned periodically for viruses.

If deemed necessary to prevent propagation to other networked devices

or detrimental effects to the network or data, an infected computer device
may be disconnected from the University network until the infection has
been removed.

Exceptions to this policy may be allowed if a computer device cannot

have anti-virus software installed. Possible examples of this would be
vendor-controlled systems, or devices where anti-virus software has not yet
been developed. In these cases, plan must develop to protect the device
from infection.

An exception may be granted if an infected computer device is discovered

that performs a critical function and may not be immediately taken off-line
without seriously impairing some critical business function. Under those
circumstances, a plan will be developed to allow the computer device to be
taken off-line and the infection purged while protecting the function of the
device.

5 Related Standards, Policies and Processes

None.

6 Enforcement

When infected computers are discovered through routine scanning

processes, or reported to the Office of Information Technology, managers, or
owners, will be given until 5 p.m. that day to correct the problem or remove
the computer from the network. Information technology will remove network
access if the problem has not been corrected, and reserves the right to
remove any infected computer at any time should security of University data
or networks be compromised.

Any person found to have violated this policy will be subject to

appropriate disciplinary action as defined by current University policy,
student code of conduct, and/or collective bargaining agreements. This
policy will not supersede any Western Michigan University developed policies
but may introduce more stringent requirements than the University policy .
Exceptions: Any exception to the policy must be approved by the Infosec team in advance.

Page 2

7 Revision History
Date of
Change

Responsible

Summary of Change

Mar 2015

BU Policy Team

Updated and converted to new format.

Page 3