Sheep dip (computing)

In IT security, a sheep-dip is the process of using a dedicated device to test inbound files on removable media for viruses before they are allowed to be used with other computers.

The name sheep-dip is derived from a method of preventing the spread of parasites in a flock of sheep by dipping the new animals that farmers are adding to the flock in a trough of pesticide. The term has been applied to IT security since at least the early 1990s, though footbath was also used at the time. A sheep-dip system can be considered a special case of a sandbox, used to test for malware.

This sheep-dip protocol is a normal first line of defense against viruses in high-security computing environments, as it preemptively prevent the spread of viruses brought by new devices. IT security specialists are expected to be familiar with the concept.

The process was originally developed in response to the problem of boot sector viruses on floppy disks. Subsequently, its scope has been expanded to include USB flash drives, portable hard discs, memory cards, CD-ROMs and other removable devices, all of which can potentially carry malware.