Q: Containement Action after Virus is found.

Mailing List

Home

Forum Home

Linux - General Red Hat Linux discussion list

Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)

Installation - Getting started with Red Hat Linux

Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)

Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)

Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)

Apache Web Server

Oracle database, Microsoft SQL server ...

Subjects

•	application/x mplayer2 plugin
•	RPM error: db4 error(16) from dbenv >remove: Device or resource busy
•	Command stream end of file while reading
•	X Windows problem (xauth)
•	Upgrading openoffice 1 1 rpm
•	FTP: connection refused
•	FTP: connection refused
•	mount: /dev/cdrom: is not a valid block device
•	Dell Precision 650, RedHat 9, no sound
•	how to trace the cause resulting in the crash of bind server
•	Virus on the list
•	UNINSTALL RPM MYSQL
•	usb pen drives: mounting as a user
•	broadcom network interface
•	make mrproper
•	sendmail configuration on redhat
•	Couldn 't open PID file /var/run/named/named pid Permission denied
•	Promise 378 controller
•	kernel 2 6 and /dev/sound/mixer not found
•	Problem using up2date
•	mrtg step by step howto/configuration for a newbie?
•	Compiling and Installing Kernel 2 6
•	Can 't locate module ppp0, can 't locate module ppp compress 21
•	HOW I CAN MAKE BOOTABLE FLOPPY DISKET
•	Lotus Notes under Wine
•	/etc/security/limits conf question
•	Intel E/1000 driver
•	Command stream end of file while reading
•	rpm database corrupt
•	qla2300 modules

Q: Containement Action after Virus is found.

Q: Containement Action after Virus is found.

2004-04-12 - By Craig White

Back

Reply: 1 2 3 4

On Sun, 2004-04-11 at 18:43, Ow Mun Heng wrote:
> > -- --Original Message-- --
> > From: shrike-list-bounces@(protected)
> > [mailto:shrike-list-bounces@(protected)]On Behalf Of Craig White
> > Sent: Friday, April 09, 2004 8:58 PM
> > To: Discussion of Red Hat Linux 9 (Shrike)
> > Subject: Re: Q: Containement Action after Virus is found.
> >
> >
> > On Thu, 2004-04-08 at 18:48, Ow Mun Heng wrote:
> > > Hi Guys,
> > >
> > > Need some guidance. Looking through my server's shares, (SAMBA)
> > > I noticed a number of rougue files (How to hack websites.exe etc..)
> > > I've already moved these files to a temp directory for the
> > time being.
> > >
> > > I've informed the users of the server of the viruses and
> > advised them to
> > > perform a scan of their PCs.
> > >
> > > I've disabled the account which was the source of infection
> > > until further notice as well.
> > >
> > > As I'm going through the system, I noticed that the virus
> > has actually been
> > > in the system for 2 days. Enough to populate to my
> > "mirrordir" directory,
> > > my snapshots as well as my rsync snapshots.
> > >
> > > I've not removed these files from the backups.
> > > (I'm thinking that - No one has access to these files
> > > and it will recover itself by tomorrow (for my mirrordir)
> > > and a couple of days for my snapshots to come full circle)
> > >
> > > SO.. what are your comments?
> > -- --
> > Most AV Scanners are capable of checking/repairing network volumes.
> > Mount and scan/repair from an up-to-date workstation.
>
> So.. Scanning them from Windows AV Scanners is the best bet?
---
No not necessarily the best bet - it's slow and a bandwidth hog but if
it's done during off hours, logged and well considered, it's feasible
and certainly is possible

Craig

--
Shrike-list mailing list
Shrike-list@(protected)
https://www.redhat.com/mailman/listinfo/shrike-list

Earn $52 per hosting referral at Lunarpages.