[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Cleanining viruses from netware
- To: <ge@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Cleanining viruses from netware
- From: "Dowling, Gabrielle" <dowlingg@xxxxxxxxxxxx>
- Date: Wed, 2 Jun 2004 01:26:42 -0400
The permissions are set in the nwadmin tool, and its not unlike how you set
permissions in NT/AD. It is also a generally easy task to figure out the
source of the incursion if the infected files if they haven't been moved into
quarantine by checking the properties on them.
Permissions have to be set for the functions required by the hosting process or
content residing on the host server which may have specific acls, or lack
therof, applie.
Especially where dynamic data creation is involved, there's no good reason not
to be running realtime av on netweare servers. But if you bump into a problem,
you can always run a sweep from a different system that is running av by
mapping a drive to the netware system and choosing to run a scan on that drive.
But it would be better to have realtime av on the boxes. And, you have to
treat latent infectious content with a grain of salt if you don't know the
mitigating controls in place in your network, largely because of what Nimda did
with riched20, and also because you don't know how people might be opening up
shares on your network to general "browsing".
G
Best
Gaby
-----Original Message-----
From: Gadi Evron <ge@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
To: Dowling, Gabrielle <dowlingg@xxxxxxxxxxxx>
CC: full-disclosure@xxxxxxxxxxxxxxxx <full-disclosure@xxxxxxxxxxxxxxxx>
Sent: Mon May 31 10:25:29 2004
Subject: Re: [Full-Disclosure] Cleanining viruses from netware
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
| I'm not aware of anything that can actually infect a netware system,
just things that can drop latent infectious content when write rights
are relatively open.
I am not much of a netware guy, can you please explain what I need to
check regarding permissions, and where? What should they be set? What
are you referring to?
I was referring to simply scanning every computer on the network,
however, there were viruses found on file servers with netware shares,
if that is what they are called. Network drives?
Gadi.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
iD8DBQFAu0BXqH6NtwbH1FARAq9FAJ9wC5mbuxKMimkVKQZMmIYEfGbGcQCbBcmH
07YT9Gt0q+SqywPZbDEPxKI=
=FwY2
-----END PGP SIGNATURE-----
**********************************************************************
This e-mail is sent by a law firm and contains information
that may be privileged and confidential. If you are not the
intended recipient, please delete the e-mail and notify us
immediately.
***********************************************************************