Just my cents... What I do on my linux samba fileservers is use McAfee Virusscan for Linux and run cronjobs that scans the harddisks for virusses, quarentine them, remove them, etc etc. There are good scripts on the internet that you can use to update the virus definitions. There are also other companies providing virusscanners for Linux.
But you were infected with the Nimda.E worm... why didnt your boss install all the latest patches ? Hasnt he learned that from experience of all the previous worms, intrusions ? Regards, Brenno > -----Original Message----- > From: joe vano [SMTP:[EMAIL PROTECTED]] > Sent: donderdag 18 april 2002 19:30 > To: [EMAIL PROTECTED] > Subject: nimda fun in linux/win2k network > > Okay, here's the deal: > > My boss set up a win NT box with IIS running on it to do work for a > customer. Now my boss is an excellent programmer and knows his way around > linux, but Windows eludes him. Within 24 hours of the NT box's > installation, Nimda.E is everywhere on the network. We didn't have a good > AV solution because its never been a problem before. > > We run linux file servers and Win2k Pro desktops (for the business guys). > Of course, Nimda.E doesn't bother the linux servers one iota, but it > played havoc w/ the windows boxes. We have the desktops cleared up by > using Norton AV. > > Now to the real problem: > > The desktops are cleared and protected now, but the file server space > keeps getting chewed up by copies of the worm. Also, having an > uncontained worm on the file servers is no good for my sleeping habits. > How the heck can I get Nimda off my fileserver? > > I've tried to scan and clear the windows-mountable shares by running > Norton AV 2001 on my win2k desktop, but I can't seem to quarantine or > delete any of the thousands of infected files. I'm thinking I might try > to rm -rf *.eml from the root directory, but a nagging doubt is telling me > that this might be a bad thing. A) It might delete perfectly good files > B) Only most of the infected files are .eml; some are infected .exe > > If you're still reading by this point, I need some more advice if you are > willing to impart it: One of my other bosses has already given me the > go-ahead to get quotes for Norton Anti-virus Corporate 7.6. Now, this is > all well and good. It will PROBABLY keep this fiasco from happening again > (along w/ no IIS on a public IP in the office), but what if it does? Does > anyone know if NAV corporate can handle file servers running under linux > that are Windows mountable? I'm going to call Symantec about it, but > they'll surely pump me full of sunshine and send me on my merry way.
