Message-ID: <B7C2C6BA798F3C4DBDD78BEDC1F8AD5709637682@nycmb01.law.sullcrom.com>
From: dowlingg at sullcrom.com (Dowling, Gabrielle)
Subject: Cleanining viruses from netware

The permissions are set in the nwadmin tool, and it's not unlike how you set permissions in NT/AD.  It is also a generally easy task to figure out the source of the incursion from the infected files, if they haven't been moved into quarantine, by checking the properties on them.

Permissions have to be set for the functions required by the hosting process or content residing on the host server which may have specific acls, or lack thereof, applied.

Especially where dynamic data creation is involved, there's no good reason not to be running realtime av on netware servers.  But if you bump into a problem, you can always run a sweep from a different system that is running av by mapping a drive to the netware system and choosing to run a scan on that drive.

But it would be better to have realtime av on the boxes.  And, you have to treat latent infectious content with a grain of salt if you don't know the mitigating controls in place in your network, largely because of what Nimda did with riched20, and also because you don't know how people might be opening up shares on your network to general "browsing".

G



Best

Gaby

-----Original Message-----
From: Gadi Evron <ge@...tistical.reprehensible.net>
To: Dowling, Gabrielle <dowlingg@...lcrom.com>
CC: full-disclosure@...ts.netsys.com <full-disclosure@...ts.netsys.com>
Sent: Mon May 31 10:25:29 2004
Subject: Re: [Full-Disclosure] Cleanining viruses from netware


| I'm not aware of anything that can actually infect a netware system,
| just things that can drop latent infectious content when write rights
| are relatively open.

I am not much of a netware guy, can you please explain what I need to
check regarding permissions, and where? What should they be set? What
are you referring to?

I was referring to simply scanning every computer on the network,
however, there were viruses found on file servers with netware shares,
if that is what they are called. Network drives?

	Gadi.



