One up for the home team

Craig Kelley ink at
Wed Jan 31 22:41:13 GMT 2001

On Wed, 31 Jan 2001 Graeme.Vetterlein at wrote:

> Thought the readers of this mailing-lust might find this ammusing.
> I got a phone call fom our Virus 'department' (big companies :-) seems my
> (w2k) PC had
> a virus !!
> Clean-up and checkers update ....
> It's back (funlove) ... what's going on... Oh dear it's on a SAMBA share
> (/rtmp public tempory
> space)
> So I poke around on log.smb and find a whole buch of machines, two use guest
> one is our virus
> department user ... the other is the bad guy!!
> So since it was a SAMBA share we could  trace the logs.

Another cool virus story:  We have our server run uvscan (Mcafee
Anti-Virus for Linux) on the samba shares periodically, if it finds a
virus it will e-mail the owner of the file notifying them.  Then, the user
is able to click on a hyperlink to take them to a web interface that
allows them to clean the file from the webserver (running a perl script
which calls uvscan).

Pretty cool stuff that's pretty much impossible to do under Windows.

The wheel is turning but the hamster is dead.
Craig Kelley  -- kellcrai at finger ink at for PGP block

More information about the samba-ntdom mailing list