[<prev] [next>] [day] [month] [year] [list]
Message-ID: <B7C2C6BA798F3C4DBDD78BEDC1F8AD5709637682@nycmb01.law.sullcrom.com>
From: dowlingg at sullcrom.com (Dowling, Gabrielle)
Subject: Cleanining viruses from netware
The permissions are set in the nwadmin tool, and its not unlike how you set permissions in NT/AD. It is also a generally easy task to figure out the source of the incursion if the infected files if they haven't been moved into quarantine by checking the properties on them.
Permissions have to be set for the functions required by the hosting process or content residing on the host server which may have specific acls, or lack therof, applie.
Especially where dynamic data creation is involved, there's no good reason not to be running realtime av on netweare servers. But if you bump into a problem, you can always run a sweep from a different system that is running av by mapping a drive to the netware system and choosing to run a scan on that drive.
But it would be better to have realtime av on the boxes. And, you have to treat latent infectious content with a grain of salt if you don't know the mitigating controls in place in your network, largely because of what Nimda did with riched20, and also because you don't know how people might be opening up shares on your network to general "browsing".
G
Best
Gaby
-----Original Message-----
From: Gadi Evron <ge@...tistical.reprehensible.net>
To: Dowling, Gabrielle <dowlingg@...lcrom.com>
CC: full-disclosure@...ts.netsys.com <full-disclosure@...ts.netsys.com>
Sent: Mon May 31 10:25:29 2004
Subject: Re: [Full-Disclosure] Cleanining viruses from netware
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
| I'm not aware of anything that can actually infect a netware system,
just things that can drop latent infectious content when write rights
are relatively open.
I am not much of a netware guy, can you please explain what I need to
check regarding permissions, and where? What should they be set? What
are you referring to?
I was referring to simply scanning every computer on the network,
however, there were viruses found on file servers with netware shares,
if that is what they are called. Network drives?
Gadi.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
iD8DBQFAu0BXqH6NtwbH1FARAq9FAJ9wC5mbuxKMimkVKQZMmIYEfGbGcQCbBcmH
07YT9Gt0q+SqywPZbDEPxKI=
=FwY2
-----END PGP SIGNATURE-----
**********************************************************************
This e-mail is sent by a law firm and contains information
that may be privileged and confidential. If you are not the
intended recipient, please delete the e-mail and notify us
immediately.
***********************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040602/03a633a3/attachment.html
Powered by blists - more mailing lists