| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dowlingg at sullcrom.com (Dowling, Gabrielle) Subject: Cleanining viruses from netware The permissions are set in the nwadmin tool, and its not unlike how you set permissions in NT/AD. It is also a generally easy task to figure out the source of the incursion if the infected files if they haven't been moved into quarantine by checking the properties on them. Permissions have to be set for the functions required by the hosting process or content residing on the host server which may have specific acls, or lack therof, applie. Especially where dynamic data creation is involved, there's no good reason not to be running realtime av on netweare servers. But if you bump into a problem, you can always run a sweep from a different system that is running av by mapping a drive to the netware system and choosing to run a scan on that drive. But it would be better to have realtime av on the boxes. And, you have to treat latent infectious content with a grain of salt if you don't know the mitigating controls in place in your network, largely because of what Nimda did with riched20, and also because you don't know how people might be opening up shares on your network to general "browsing". G Best Gaby -----Original Message----- From: Gadi Evron <ge@...tistical.reprehensible.net> To: Dowling, Gabrielle <dowlingg@...lcrom.com> CC: full-disclosure@...ts.netsys.com <full-disclosure@...ts.netsys.com> Sent: Mon May 31 10:25:29 2004 Subject: Re: [Full-Disclosure] Cleanining viruses from netware -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 | I'm not aware of anything that can actually infect a netware system, just things that can drop latent infectious content when write rights are relatively open. I am not much of a netware guy, can you please explain what I need to check regarding permissions, and where? What should they be set? What are you referring to? I was referring to simply scanning every computer on the network, however, there were viruses found on file servers with netware shares, if that is what they are called. Network drives? Gadi. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (MingW32) iD8DBQFAu0BXqH6NtwbH1FARAq9FAJ9wC5mbuxKMimkVKQZMmIYEfGbGcQCbBcmH 07YT9Gt0q+SqywPZbDEPxKI= =FwY2 -----END PGP SIGNATURE----- ********************************************************************** This e-mail is sent by a law firm and contains information that may be privileged and confidential. If you are not the intended recipient, please delete the e-mail and notify us immediately. *********************************************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040602/03a633a3/attachment.html
Powered by blists - more mailing lists