On Thu, 2004-04-08 at 18:48, Ow Mun Heng wrote: > Hi Guys, > > Need some guidance. Looking through my server's shares, (SAMBA) > I noticed a number of rougue files (How to hack websites.exe etc..) > I've already moved these files to a temp directory for the time being. > > I've informed the users of the server of the viruses and advised them to > perform a scan of their PCs. > > I've disabled the account which was the source of infection > until further notice as well. > > As I'm going through the system, I noticed that the virus has actually been > in the system for 2 days. Enough to populate to my "mirrordir" directory, > my snapshots as well as my rsync snapshots. > > I've not removed these files from the backups. > (I'm thinking that - No one has access to these files > and it will recover itself by tomorrow (for my mirrordir) > and a couple of days for my snapshots to come full circle) > > SO.. what are your comments? ----- Most AV Scanners are capable of checking/repairing network volumes. Mount and scan/repair from an up-to-date workstation. Craig -- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
