Q: What is containment action after Virus is found
Ow Mun Heng
ow.mun.heng at wdc.com
Mon Apr 12 01:51:31 UTC 2004
> -----Original Message-----
> From: fedora-list-bounces at redhat.com
> [mailto:fedora-list-bounces at redhat.com]On Behalf Of James Kosin
> Sent: Friday, April 09, 2004 9:15 PM
> To: For users of Fedora Core releases
> Subject: Re: Q: What is containment action after Virus is found
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ow Mun Heng wrote:
> |
> <<--snip-->>
>
> |>
> |>1) Usually, you need to isolate the computer infected from
> all outside
> |>connections... this includes the NET. To keep spreading down
> |>to a minimum.
> |
> |
> | This is a SAMBA file server.. The virus' not going anywhere or isn't
> | gonna affect the server. (win32 virus)
>
> I wasn't talking about the server.... I was talking about the users
> computer. The longer they are connected to others the more
> damage they
> can cause.
Yeah.. Did that already.
>
> <<--snip-->>
> |
> |
> |>6) Try to find out how the virus got on the system. This
> is research
> |>intensive... FIND a solution to keep it from happening again.
> |
> |
> | Actually, that's easy. It's a Samba File server. Users connect to it
> | to share and save files. One of the users' PCs got infected by the
> | virus and since that person has write access to the server, the
> | Virus just migrated there. I'm trying to research into how to get
> | some kind of anti-virus agent on my Linux Server.
>
> Check out samba-vscan this is a module to samba that allows virus
> scanners for Linux to work. There are many flavors out
> there, most are
> free.
> I use ClamAV and like it very much. They also include an email filter
> that scans for viruses in email as they arrive.
Currently looking into how to get it implemented. If you've got any
tutorial/howto's etc, it would be appreciated.
More information about the fedora-list
mailing list