Dáil Éireann debate -
Tuesday, 30 Jan 2001

My Department maintains a contract with an anti-virus software supplier for the supply and update of virus scanning software, both for its mail system and PC network. Updates are supplied at least once a month and applied to the Department's systems as soon as they arrive. The current software in use is the Sophos anti-virus product.

In the past 12 months there have been two occasions when the Department suffered a virus attack through the e-mail system. On each occasion the virus was a recently identified one and an update to the Department's anti-virus software was available from the software supplier's website. The update was applied to the Department's systems as soon as the virus was discovered and the impact was minimal.

Within the past 12 months, there were two separate occasions on which e-mail security in my Department was breached. In both cases, which were of an identical nature, the breaches involved external sources using my Department's mail server as a conduit to relay unsolicited information exter nally. This practice is commonly known as spamming. This practice means that external e-mail users were successful in using our mail server to relay spam e-mails to a large number of users outside the Department. In effect, from the recipients' perspective, the mail thus generated appeared to originate from my Department, although this was not the case.

My Department took immediate action to redress this situation in terms of reconfiguring our mail server to prevent open relay of e-mails and taking additional precautionary measures to further secure our mail routing facility. I am satisfied that these measures will protect the integrity of my Department's mail system. My Department is constantly monitoring and reviewing security on all its key systems to ensure their continued security.