Q: What is containment action after Virus is found

James Kosin jkosin at beta.intcomgrp.com
Fri Apr 9 13:14:37 UTC 2004

Hash: SHA1

Ow Mun Heng wrote:

|>1) Usually, you need to isolate the computer infected from all outside
|>connections... this includes the NET.  To keep spreading down
|>to a minimum.
| This is a SAMBA file server.. The virus' not going anywhere or isn't
| gonna affect the server. (win32 virus)

I wasn't talking about the server....  I was talking about the users
computer.  The longer they are connected to others the more damage they
can cause.

|>6) Try to find out how the virus got on the system.  This is research
|>intensive...  FIND a solution to keep it from happening again.
| Actually, that's easy. It's a Samba File server. Users connect to it
| to share and save files. One of the users' PCs got infected by the
| virus and since that person has write access to the server, the
| Virus just migrated there. I'm trying to research into how to get
| some kind of anti-virus agent on my Linux Server.

Check out samba-vscan  this is a module to samba that allows virus
scanners for Linux to work.  There are many flavors out there, most are
I use ClamAV and like it very much.  They also include an email filter
that scans for viruses in email as they arrive.

|>7) Prepare for the next virus!
| Yeah.. Just for the benefit of my windows users.

Actually, for the benefit of all your users.  Linux viruses are rare;
but, they do exist.
Any virus can do a lot of damage to their machine and yours, regardless
of OS.  Remember, you are part of a BIGGER WORLD when you connect to the


- - --
- - --
James Kosin

International Communications Group, Inc.
200 Enterprise Drive
Newport News, VA 23603
United States of America
Phone: +1 (757)947-1030
Fax:   +1 (757)947-1035
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


More information about the users mailing list