[Samba] suspicious activity

Payal Rathod payal-samba at staticky.com
Wed Aug 6 06:26:46 GMT 2003


Hi,
While using samba as PDC and file sharing this for just 1 machine, 1
found out that it was giving me this in log,

[2003/08/06 11:37:42, 2] smbd/reply.c:reply_sesssetup_and_X(985)
  Defaulting to Lanman password for shanky123
[2003/08/06 11:37:44, 1] smbd/service.c:make_connection(636)
  default (192.168.0.2) connect to service shanky123 as user shanky123 (uid=501, gid=501) (pid 1699)
[2003/08/06 11:37:45, 2] smbd/open.c:open_file(245)
  SHANKY123 opened file comvir.exe read=Yes write=No (numopen=1)
[2003/08/06 11:38:21, 2] smbd/close.c:close_normal_file(213)
  shanky123 closed file comvir.exe (numopen=0)

I was testing it myself so I am sure that I hadn't opened the file comvir.exe
on /home/shanky123 cos' it is a known virus.

Nobody uses/test this setup other than me. What is wrong in the logs above
and why? Do the above logs look ok?

Waiting eagerly for any response.
With warm regards,
-Payal



-- 
"Visit GNU/Linux Success Stories"
http://payal.staticky.com
Guest-Book Section Updated.



More information about the samba mailing list