Who put shares on the server? Some twat PHB at Microsoft! Oh - and if you've never met them, you're lucky. They are put there by default, and it's registry tweaks or $DEITY knows what shenanigans to get rid of them.
Most admins don't even know they exist... (which is why they tend not to be disabled, which is why this particular worm probably spread ...) And as for scanning, didn't I say the server *should* be scanned? I would just NEVER have the stuff running all the time, relying on other strict measures to keep it clean. Cheers, Wol -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Jenkins Sent: 24 March 2004 23:36 To: 'U2 Users Discussion List' Subject: RE: UniVerse 10 on Win2k3 A few pickups on this: 1. Find out who put Windows shares on a database server and have a discussion with the person concerned. 2. Who opened up the firewall to the network to allow this to happen? Similar discussion to follow........ Remove Windows sharing as a facility and lock it up. Get the firewall people to close it up - The rule is close everything - open what you need. The rule is *not* close what you don't want. If you ask a network administrator "Which ports did you block?" and they start to tell you what they have *blocked* then have discussion (as above) - give extra lumps 3. Who loaded a virus on a machine that was *not* protected and where from ("space invaders maybe?" or a mail attachment (some never learn) (discussion) I use AV software myself OK with no problems, but it is not configured to "scan all files on opens" , "scan all files on reads" or "scan all files on writes". It just scans all executables and scripts. Some AV software seem to be friendly - others seem to be (distinctly) less so. Can we have a straw poll on AV software? Just post a subject of ANTIVIRUS - (name) - (version) *GOOD* or *BAD* as necessary - let's hear it. Regards JayJay -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of uniVerse mailing list Sent: 24 March 2004 14:24 To: U2 Users Discussion List Subject: RE: UniVerse 10 on Win2k3 up until yesterday i'd have agreed with you. However a client got infected with a virus that symantec *claims* to have known about since December, but wasn't actually detected until i sent them the sample and it appeared in last nights defs! Virus spread via irc and *open admin$ shares* on the server - with weak administrator passwords. Therefore the server got infected. A realtime scanner would have picked this virus up this morning. (just make sure the realtime scanner does not scan the database itself) -----Original Message----- From: Anthony Youngman [mailto:[EMAIL PROTECTED] Posted At: 24 March 2004 09:29 Posted To: uniVerse Conversation: UniVerse 10 on Win2k3 Subject: RE: UniVerse 10 on Win2k3 AARRGGHH!! NEVER EVER run antivirus on a server. -- u2-users mailing list [EMAIL PROTECTED] http://www.oliver.com/mailman/listinfo/u2-users -- u2-users mailing list [EMAIL PROTECTED] http://www.oliver.com/mailman/listinfo/u2-users *********************************************************************************** This transmission is intended for the named recipient only. It may contain private and confidential information. If this has come to you in error you must not act on anything disclosed in it, nor must you copy it, modify it, disseminate it in any way, or show it to anyone. Please e-mail the sender to inform us of the transmission error or telephone ECA International immediately and delete the e-mail from your information system. Telephone numbers for ECA International offices are: Sydney +61 (0)2 9911 7799, Hong Kong + 852 2121 2388, London +44 (0)20 7351 5000 and New York +1 212 582 2333. *********************************************************************************** -- u2-users mailing list [EMAIL PROTECTED] http://www.oliver.com/mailman/listinfo/u2-users
