RE: Q: Containement Action after Virus is found.

> -----Original Message-----
> From: shrike-list-bounces@xxxxxxxxxx
> [mailto:shrike-list-bounces@xxxxxxxxxx]On Behalf Of Craig White
> Sent: Friday, April 09, 2004 8:58 PM
> To: Discussion of Red Hat Linux 9 (Shrike)
> Subject: Re: Q: Containement Action after Virus is found.
> 
> 
> On Thu, 2004-04-08 at 18:48, Ow Mun Heng wrote:
> > Hi Guys,
> > 
> > 	Need some guidance. Looking through my server's shares, (SAMBA)
> > I noticed a number of rogue files (How to hack websites.exe etc..)
> > I've already moved these files to a temp directory for the time being.
> > 
> > I've informed the users of the server of the viruses and advised them to
> > perform a scan of their PCs.
> > 
> > I've disabled the account which was the source of infection 
> > until further notice as well.
> > 
> > As I'm going through the system, I noticed that the virus has actually been 
> > in the system for 2 days. Enough to populate to my "mirrordir" directory,
> > my snapshots as well as my rsync snapshots.
> > 
> > I've not removed these files from the backups. 
> > (I'm thinking that - No one has access to these files
> > and it will recover itself by tomorrow (for my mirrordir) 
> > and a couple of days for my snapshots to come full circle)
> > 
> > SO.. what are your comments?
> -----
> Most AV Scanners are capable of checking/repairing network volumes.
> Mount and scan/repair from an up-to-date workstation.

So.. Scanning them from Windows AV Scanners is the best bet?


-- 
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
