[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <40BCB2FF.8040600@linuxbox.org>
From: ge at linuxbox.org (Gadi Evron)
Subject: Cleanining viruses from netware
Harlan Carvey wrote:
> Gadi,
>
> For the sake of the list, would you be willing to
> share the answer you received?
Begin quote>>>
ST wrote:
---------
It relatively easy if the virus is detectable remotely i.e. it has a
component listening on a port. A simple nmap scan followed by a remote
connect and run of the disinfection tool will work. I prefer this
approach over using the directory service as it catches all active
machines, irrespective of whether they are in the directory or not.
Another approach is to use a login script that runs the disinfection
util automatically, subsequent logins do not run the script. I used the
absence of a file in a directory to indicate that the util had to be
run, run the script and then *IF* successful, create the flag file.
A combo of these methods will rapidly and effectivly catch most of the
infected machines and remove them.
-----
Gadi.
Powered by blists - more mailing lists