Alert: Non-responding servers after deploying newest Trend
From: Steve Madden (smadden@LANDSTAR.COM)
Date: 10/28/01
Message-ID: <C941C55A3507D411A73400D0B720E976019B1D62@JAXLCSEXCH>
Date: Sun, 28 Oct 2001 16:27:26 -0500
From: Steve Madden <smadden@LANDSTAR.COM>
Subject: Alert: Non-responding servers after deploying newest Trend
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Have run into a similar (may even be same) problem. We run about 75 servers
with ServerProtect 5.2. During the recent Nimda outbreak, a 'Deny Write'
rule was implemented for files with a .eml extension. Trend has released
two new scan engines, 5.55 and 5.6 over the last 7 days. Over the last 3
days, several automated jobs have failed due to 'Access Denied' when
attempting to write log files, failed to execute FTP 'Put' commands (without
logging any errors), and today all write access for TS users on one file
server was blocked. In all cases, turning off the rule fixed the issue
immediately. This does not deactivate the antivirus, and file scanning will
continue as normal. The rule explicitly prohibits creating files based on
specific extensions, whether they are infected or not.
Inability to write would cause just about every symptom listed, whether it's
caching a desktop image to transmit in pcAnywhere, crashing the print spool
or trying to install software by distribution. We didn't have to resort to
starting any servers in safe mode, we simply changed the 'deny write'
settings for the domain from the IS console, and within seconds the change
had reached all servers.
-----Original Message-----
From: Windows NTBugtraq Mailing List
[mailto:NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM]On Behalf Of Russ
Sent: Sunday, October 28, 2001 8:14 AM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Alert: Non-responding servers after deploying newest Trend signature/engine
I received the following through the night. The author wished to remain
anonymous. I have not been able to verify the claims, but figured given the
potential harm that it was more prudent to get it out there than to wait for
confirmation from Trend (whom I just notified).
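
An added example, not part of the original messages and not a Trend tool: a small Python probe for the symptom described in the reply above, where a 'Deny Write' rule meant for .eml files coincided with unrelated writes being refused. It creates and deletes zero-byte test files per extension and reports whether the denials stay within the rule; the function names, probe file names and extension list are assumptions.

```python
import os
import tempfile
import uuid


def create_file(path):
    """Create, then delete, a zero-byte file. Raises OSError if creation is blocked."""
    fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY)
    os.close(fd)
    os.remove(path)


def probe_writes(directory, extensions, create=create_file):
    """Return {extension: True if a file could be created, False if access was denied}."""
    results = {}
    for ext in extensions:
        # Random name so the probe never collides with a real file.
        name = "writeprobe-" + uuid.uuid4().hex + ext
        try:
            create(os.path.join(directory, name))
            results[ext] = True
        except PermissionError:
            # 'Access Denied' on Windows surfaces as PermissionError.
            results[ext] = False
    return results


def classify(results, ruled_extensions):
    """Compare the denied extensions with those the deny-write rule is meant to cover."""
    denied = {ext.lower() for ext, ok in results.items() if not ok}
    ruled = {ext.lower() for ext in ruled_extensions}
    if not denied:
        return "no-block"
    if denied <= ruled:
        return "rule-as-intended"
    # Writes the rule should not touch (logs, temp files) are failing too.
    return "over-blocking"


if __name__ == "__main__":
    # Constructed sample: probe a scratch directory; point this at a share
    # or log directory where jobs are failing to test a real server.
    probe_extensions = [".eml", ".log", ".txt", ".tmp"]
    with tempfile.TemporaryDirectory() as scratch:
        outcome = probe_writes(scratch, probe_extensions)
        print(outcome, classify(outcome, [".eml"]))
```

Running it before and after turning the rule off shows whether the rule is what is refusing the writes.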