RE: Q: Containment Action after Virus is found.

On Sun, 2004-04-11 at 18:43, Ow Mun Heng wrote:
> > -----Original Message-----
> > From: shrike-list-bounces@xxxxxxxxxx
> > [mailto:shrike-list-bounces@xxxxxxxxxx]On Behalf Of Craig White
> > Sent: Friday, April 09, 2004 8:58 PM
> > To: Discussion of Red Hat Linux 9 (Shrike)
> > Subject: Re: Q: Containement Action after Virus is found.
> > 
> > 
> > On Thu, 2004-04-08 at 18:48, Ow Mun Heng wrote:
> > > Hi Guys,
> > > 
> > > 	Need some guidance. Looking through my server's shares, (SAMBA)
> > > I noticed a number of rogue files (How to hack websites.exe etc..)
> > > I've already moved these files to a temp directory for the time being.
> > > 
> > > I've informed the users of the server of the viruses and advised them to
> > > perform a scan of their PCs.
> > > 
> > > I've disabled the account which was the source of infection 
> > > until further notice as well.
> > > 
> > > As I'm going through the system, I noticed that the virus has actually been 
> > > in the system for 2 days. Enough to populate to my "mirrordir" directory,
> > > my snapshots as well as my rsync snapshots.
> > > 
> > > I've not removed these files from the backups. 
> > > (I'm thinking that - No one has access to these files
> > > and it will recover itself by tomorrow (for my mirrordir) 
> > > and a couple of days for my snapshots to come full circle)
> > > 
> > > SO.. what are your comments?
> > -----
> > Most AV Scanners are capable of checking/repairing network volumes.
> > Mount and scan/repair from an up-to-date workstation.
> 
> So.. Scanning them from Windows AV Scanners is the best bet?
---
No, not necessarily the best bet - it's slow and a bandwidth hog, but if
it's done during off hours, logged and well considered, it's feasible
and certainly is possible.

Craig


-- 
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
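
An added example, not part of the thread: one way to see how far the quarantined files spread into the mirror and snapshot trees is to match backup files against the quarantine directory by content hash, which also catches renamed copies. The directory names, file names and payload bytes in `demo()` are constructed for illustration; the script only reports and does not delete anything.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def files_under(top):
    return [os.path.join(r, n) for r, _d, fs in os.walk(top) for n in fs]

def index_quarantine(quarantine_dir):
    """Map (size, sha256) -> file name for every file moved to quarantine."""
    return {(os.path.getsize(p), sha256_of(p)): os.path.basename(p)
            for p in files_under(quarantine_dir)}

def find_copies(known, backup_roots):
    """Return (path, quarantined name) for each backup file with identical content."""
    sizes = {size for size, _digest in known}
    hits = []
    for p in (p for top in backup_roots for p in files_under(top)):
        if os.path.islink(p) or os.path.getsize(p) not in sizes:
            continue  # size pre-filter avoids hashing every backup file
        match = known.get((os.path.getsize(p), sha256_of(p)))
        if match:
            hits.append((p, match))
    return sorted(hits)

def demo():
    # Constructed layout; the payload is harmless stand-in bytes, not malware.
    base, payload = tempfile.mkdtemp(), b"constructed stand-in bytes"
    layout = {"quarantine/How to hack websites.exe": payload,
              "mirrordir/renamed.exe": payload,  # same bytes, new name
              "snapshots/daily.0/How to hack websites.exe": payload,
              "snapshots/daily.0/report.doc": b"clean user file"}
    for rel, data in layout.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    known = index_quarantine(os.path.join(base, "quarantine"))
    roots = [os.path.join(base, d) for d in ("mirrordir", "snapshots")]
    return [(os.path.relpath(p, base), n) for p, n in find_copies(known, roots)]

if __name__ == "__main__":
    for path, name in demo():
        print(f"{path}  has the same content as quarantined {name!r}")
```

If the rsync snapshots are hard-linked, every snapshot path that points at the same inode is listed separately, so the report shows each rotation that still holds the file.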
