Q: What is containment action after Virus is found
jkosin at beta.intcomgrp.com
Fri Apr 9 13:14:37 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Ow Mun Heng wrote:
|>1) Usually, you need to isolate the computer infected from all outside
|>connections... this includes the NET. To keep spreading down
|>to a minimum.
| This is a SAMBA file server.. The virus' not going anywhere or isn't
| gonna affect the server. (win32 virus)
I wasn't talking about the server.... I was talking about the users
computer. The longer they are connected to others the more damage they
|>6) Try to find out how the virus got on the system. This is research
|>intensive... FIND a solution to keep it from happening again.
| Actually, that's easy. It's a Samba File server. Users connect to it
| to share and save files. One of the users' PCs got infected by the
| virus and since that person has write access to the server, the
| Virus just migrated there. I'm trying to research into how to get
| some kind of anti-virus agent on my Linux Server.
Check out samba-vscan this is a module to samba that allows virus
scanners for Linux to work. There are many flavors out there, most are
I use ClamAV and like it very much. They also include an email filter
that scans for viruses in email as they arrive.
|>7) Prepare for the next virus!
| Yeah.. Just for the benefit of my windows users.
Actually, for the benefit of all your users. Linux viruses are rare;
but, they do exist.
Any virus can do a lot of damage to their machine and yours, regardless
of OS. Remember, you are part of a BIGGER WORLD when you connect to the
- - --
- - --
International Communications Group, Inc.
200 Enterprise Drive
Newport News, VA 23603
United States of America
Phone: +1 (757)947-1030
Fax: +1 (757)947-1035
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the users