Full Disclosure mailing list archives

Re: Cleanining viruses from netware

From: Gadi Evron <ge () egotistical reprehensible net>
Date: Mon, 31 May 2004 15:53:39 +0200

Dowling, Gabrielle wrote:

Gadi....

What exactly are you encountering?

If you aren't running an av nlm on the server(s) in question, you should be able to map a drive to the system from even 
a workstation, and run a scan from there.

I'm not aware of anything that can actually infect a netware system, just things that can drop latent infectious 
content when write rights are relatively open.

What exactly are you dealing with?


A certain mass mailer which infected a netware network.

I've dealt with most of it, but I am looking for some script similar towhat a friend of mine once wrote for active directory, using LDAP andrunning from a domain admin account.

The script scanned the network and remotely removed the infection...Which is what I am looking for, if one such as that already exist andcan be shared.. only for netware.


Thanks for your answer,

        Gadi Evron.


--
Email: ge () linuxbox org.  Work: gadie () cbs gov il. Backup: ge () warp mx dk.
Phone: +972-50-428610 (Cell).

PGP key for attachments: http://vapid.reprehensible.net/~ge/Gadi_Evron.asc
ID: 0xD9216A06 FP: 5BB0 D3E2 D3C1 19B7 2104  C0D0 A7B3 1CF7 D921 6A06

GPG key for encrypted email:http://vapid.reprehensible.net/~ge/Gadi_Evron_Emails.asc

ID: 0x06C7D450 FP: 3B88 845A DF1F 4062 E5BA  569A A87E 8DB7 06C7 D450

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Cleanining viruses from netware Dowling, Gabrielle (May 30)
- Re: Cleanining viruses from netware Gadi Evron (May 31)
- Re: Cleanining viruses from netware Gadi Evron (May 31)