 | | | Q: Containement Action after Virus is found. | Q: Containement Action after Virus is found. 2004-04-11 - By Ow Mun Heng
Back
> -- --Original Message-- --
> From: shrike-list-bounces@(protected)
> [mailto:shrike-list-bounces@(protected)]On Behalf Of Craig White
> Sent: Friday, April 09, 2004 8:58 PM
> To: Discussion of Red Hat Linux 9 (Shrike)
> Subject: Re: Q: Containement Action after Virus is found.
>
>
> On Thu, 2004-04-08 at 18:48, Ow Mun Heng wrote:
> > Hi Guys,
> >
> > Need some guidance. Looking through my server's shares, (SAMBA)
> > I noticed a number of rougue files (How to hack websites.exe etc..)
> > I've already moved these files to a temp directory for the
> time being.
> >
> > I've informed the users of the server of the viruses and
> advised them to
> > perform a scan of their PCs.
> >
> > I've disabled the account which was the source of infection
> > until further notice as well.
> >
> > As I'm going through the system, I noticed that the virus
> has actually been
> > in the system for 2 days. Enough to populate to my
> "mirrordir" directory,
> > my snapshots as well as my rsync snapshots.
> >
> > I've not removed these files from the backups.
> > (I'm thinking that - No one has access to these files
> > and it will recover itself by tomorrow (for my mirrordir)
> > and a couple of days for my snapshots to come full circle)
> >
> > SO.. what are your comments?
> -- --
> Most AV Scanners are capable of checking/repairing network volumes.
> Mount and scan/repair from an up-to-date workstation.
So.. Scanning them from Windows AV Scanners is the best bet?
--
Shrike-list mailing list
Shrike-list@(protected)
https://www.redhat.com/mailman/listinfo/shrike-list
Earn $52 per hosting referral at Lunarpages.
|
|
|