Full Disclosure mailing list archives
Re: Cleanining viruses from netware
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 01 Jun 2004 18:46:55 +0200
Harlan Carvey wrote: > Gadi, > > For the sake of the list, would you be willing to > share the answer you received? Begin quote>>> ST wrote: --------- It relatively easy if the virus is detectable remotely i.e. it has a component listening on a port. A simple nmap scan followed by a remote connect and run of the disinfection tool will work. I prefer this approach over using the directory service as it catches all active machines, irrespective of whether they are in the directory or not. Another approach is to use a login script that runs the disinfection util automatically, subsequent logins do not run the script. I used the absence of a file in a directory to indicate that the util had to be run, run the script and then *IF* successful, create the flag file. A combo of these methods will rapidly and effectivly catch most of the infected machines and remove them. ----- Gadi. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Cleanining viruses from netware Dowling, Gabrielle (May 31)
- Re: Cleanining viruses from netware Gadi Evron (Jun 01)
- Re: Cleanining viruses from netware Harlan Carvey (Jun 01)
- Re: Cleanining viruses from netware Gadi Evron (Jun 01)
- Re: Cleanining viruses from netware Gadi Evron (Jun 01)
- Re: Cleanining viruses from netware Harlan Carvey (Jun 01)
- <Possible follow-ups>
- Re: Cleanining viruses from netware Dowling, Gabrielle (Jun 01)
- Re: Cleanining viruses from netware Gadi Evron (Jun 01)