[Samba] RE: Samba and Win viruses

Adam Buglass adam.buglass at ncl.ac.uk
Thu Apr 1 13:44:39 GMT 2004


It appears that this message never reached the list.
I have been out of the office and apologise for not replying sooner.
.......



> > We have had our server blocked as it is probing port 25 
> 
> Port 25 is the SMTP (mail delivery) port.  Maybe your Samba server is trying
> to issue emails out for some reason.  Odd that this would be considered a
> "probe" though.  Does the Samba server run any kind of SOCKS proxying
> software, or even web-proxying software?
> 
Currently we don't actually have any software running on Samba.
We have Samba installed and running but not actually doing anything very
much as yet.

> > My question: Is it actually possible for a Samba system to be infected
> > with Win viruses such as MyDoom or Blaster?
> 
> I'll answer your question with another question: is it possible for a
> UNIX-based mail host to "be infected" with MyDoom or Blaster emails? In
> both the Samba and the Mailhost case, you have three parties, one of whom
> doesn't really "parse" data content, but to the other two parties [the
> source and destination parties, really], the payload has a great deal more
> "meaning".
No. MyDoom and Blaster both work by inserting lines into specific
Windows registry files which simply don't exist on a Unix system.
If a MyDoom or Blaster worm, for example, got as far as attempting an
install on a Unix system it should just fail completely and utterly.

In theory, for a Samba system to be infected by such viruses it would
have to replicate Windows so thoroughly as to have Windows registry
files of the same name which are used in roughly the same way as a
Windows system!

> 
> Clear now? :)
Not Really! :-/
Are you saying that there is a part of the process that means Samba
could possibly be infected?

Of course it could be that sendmail has picked up a virus and is probing
port 25...!

> Cheers,
> 
> =Rob=
-- 

Adam Buglass,  ><>
The Golden Freeway,
Department of Child Health,
University of Newcastle-upon-Tyne.
Royal Victoria Infirmary.

(0191) 2023062

"Democracy is two wolves and a lamb voting on what to have for lunch.
Liberty is a well-armed lamb contesting the vote." 
~Benjamin Franklin, 1759


