Re: NIMDA Q.

From: Joe Bloggs (stuSpam-art@excite.com)
Date: 04/22/02


From: Joe Bloggs <stuSpam-art@excite.com>
Date: Mon, 22 Apr 2002 12:37:33 +0200


>
> > > > Now, either this thing
> > > > has not been quarantined properly by the Norton or one of the users has
> > > > an infected machine with these shares and the virus pushes itself over
> > > > from their machine or what?
> > > One of Nimda's ways of spreading is through mapped network drives, so you
> > > should if possible enforce similar antivirus control on all computers that
> > > access the share.
> > But.... should it not be that as and when a person with an infected system
> > fires up their machine and the virus tries to push itself to the mapped
> > drive,
> > the Virus Protection on the file server should see it coming through NetBios
> > and stop it before it can be fully dropped onto the drive?!
>
> This sure could have made things easier, but I don't know if any (or all)
> antivirus applications do this. It would be a nice idea, but on a busy
> fileserver? I don't know.
>
> The server itself does not really get infected, I guess. Your problem is that
> it helps spread the virus from client to client?
>
> More than a year ago now, but I still remember the weeks of cleaning up after
> the loveletter plague on a 1500+ user network. If you cannot enforce
> virus protection, or up to date signature files on the clients, the best you
> can do is make sure you have no world writable (and readable) shared
> directories. This might not be an acceptable solution..
>
> Isn't there any dedicated NG for antivirus stuff?
>

Probably is a NG just for this stuff (just found one!) but thought I would try here
quickly as I need an answer fast! I would have thought that Norton's package would
catch anything aimed at it from over the network including (and particularly!)
NetBios transfers. The error it gives is that it found 1500 instances of this virus
on various directories (all individual shares) and that it quarantined it... I am
beginning to think that it is the server that holds the virus and has not been
properly cleaned by Norton?

Anyone else having problems with world readable file sharing and NIMDA? I cannot add
passwords to these public shares. Where is the NIMDA coming from? Is it on the
server or on an infected PC (But there are thousands to choose from!) and why is
the Virus Protection from Norton so crap?

Maybe I should look at running one of these NIMDA removal apps on the server itself
and see what it says as I am not too sure I trust the messages from Norton's
Corporate Virus scanner...?!

--
No Comment!
