Q: What is containment action after Virus is found

Fri Apr 9 13:14:37 UTC 2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ow Mun Heng wrote:
|
<<--snip-->>

|>
|>1) Usually, you need to isolate the computer infected from all outside
|>connections... this includes the NET.  To keep spreading down
|>to a minimum.
|
|
| This is a SAMBA file server.. The virus' not going anywhere or isn't
| gonna affect the server. (win32 virus)

I wasn't talking about the server....  I was talking about the users
computer.  The longer they are connected to others the more damage they
can cause.

<<--snip-->>
|
|
|>6) Try to find out how the virus got on the system.  This is research
|>intensive...  FIND a solution to keep it from happening again.
|
|
| Actually, that's easy. It's a Samba File server. Users connect to it
| to share and save files. One of the users' PCs got infected by the
| virus and since that person has write access to the server, the
| Virus just migrated there. I'm trying to research into how to get
| some kind of anti-virus agent on my Linux Server.

Check out samba-vscan  this is a module to samba that allows virus
scanners for Linux to work.  There are many flavors out there, most are
free.
I use ClamAV and like it very much.  They also include an email filter
that scans for viruses in email as they arrive.

Actually, for the benefit of all your users.  Linux viruses are rare;
but, they do exist.
Any virus can do a lot of damage to their machine and yours, regardless
of OS.  Remember, you are part of a BIGGER WORLD when you connect to the
NET.

|
|

- - --
- - --
James Kosin

International Communications Group, Inc.
200 Enterprise Drive
Newport News, VA 23603
United States of America
Phone: +1 (757)947-1030
Fax:   +1 (757)947-1035
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAdqG9c7lFLjBWKW0RArFcAJwMhqvOe5RgIdCxJn0tPUBn4qL/9wCfetV6
2U9UhoC4N8KGHb1ovJeR4U0=
=5You
-----END PGP SIGNATURE-----