Safeguards technical assistance virus scanning tools

 

Request for technical assistance

Please provide guidance pertaining to IRS approved virus scanning tools.

Response

IRS Publication 1075, Section 4.19, System and Information Integrity, requires any information system that stores, processes, or transmits Federal Tax Information (FTI) be protected against malicious code (e.g., viruses, worms, Trojan horses) transported by electronic mail, electronic mail attachments, Internet accesses, removable media (e.g., USB devices, diskettes or compact disks), or other common means.

Malicious code protection mechanisms should be employed at critical information system entry and exit points (e.g., firewalls, electronic mail servers, web servers, proxy servers, remote-access servers) and at workstations, servers, or mobile computing devices on the network.

Furthermore, the mechanism or tool that is deployed should include the capability to update anti-virus signature files timely and expeditiously, without requiring the end user to specifically request the update (automatic updates).

The Publication 1075 does not currently specify specific virus/malicious code detection software products that agencies must use, but the following products are recommended as approved products for use internal to the IRS for the following platforms:

  • Windows – Symantec Antivirus
  • UNIX – Cybersoft V-Find

In addition, the agency can follow guidance provided in the NIST Special Publication 800-83, Guide to Malware Incident Prevention and Handling, which provides recommendations for improving an organization’s malware incident prevention measures.