One up for the home team
ink at inconnu.isu.edu
Wed Jan 31 22:41:13 GMT 2001
On Wed, 31 Jan 2001 Graeme.Vetterlein at ntl.com wrote:
> Thought the readers of this mailing-lust might find this ammusing.
> I got a phone call fom our Virus 'department' (big companies :-) seems my
> (w2k) PC had
> a virus !!
> Clean-up and checkers update ....
> It's back (funlove) ... what's going on... Oh dear it's on a SAMBA share
> (/rtmp public tempory
> So I poke around on log.smb and find a whole buch of machines, two use guest
> one is our virus
> department user ... the other is the bad guy!!
> So since it was a SAMBA share we could trace the logs.
Another cool virus story: We have our server run uvscan (Mcafee
Anti-Virus for Linux) on the samba shares periodically, if it finds a
virus it will e-mail the owner of the file notifying them. Then, the user
is able to click on a hyperlink to take them to a web interface that
allows them to clean the file from the webserver (running a perl script
which calls uvscan).
Pretty cool stuff that's pretty much impossible to do under Windows.
The wheel is turning but the hamster is dead.
Craig Kelley -- kellcrai at isu.edu
http://www.isu.edu/~kellcrai finger ink at inconnu.isu.edu for PGP block
More information about the samba-ntdom