Full Disclosure mailing list archives

Re: Cleanining viruses from netware


From: "Dowling, Gabrielle" <dowlingg () sullcrom com>
Date: Wed, 2 Jun 2004 01:26:42 -0400

The permissions are set in the nwadmin tool, and it's not unlike how you set permissions in NT/AD.  It is also a 
generally easy task to figure out the source of the incursion, if the infected files haven't been moved into 
quarantine, by checking the properties on them.

Permissions have to be set for the functions required by the hosting process or content residing on the host server 
which may have specific acls, or lack thereof, applied.

Especially where dynamic data creation is involved, there's no good reason not to be running realtime av on netware 
servers.  But if you bump into a problem, you can always run a sweep from a different system that is running av by 
mapping a drive to the netware system and choosing to run a scan on that drive.  

But it would be better to have realtime av on the boxes.  And, you have to treat latent infectious content with a grain 
of salt if you don't know the mitigating controls in place in your network, largely because of what Nimda did with 
riched20, and also because you don't know how people might be opening up shares on your network to general "browsing".

G



Best

Gaby

-----Original Message-----
From: Gadi Evron <ge () egotistical reprehensible net>
To: Dowling, Gabrielle <dowlingg () sullcrom com>
CC: full-disclosure () lists netsys com <full-disclosure () lists netsys com>
Sent: Mon May 31 10:25:29 2004
Subject: Re: [Full-disclosure] Cleanining viruses from netware

| I'm not aware of anything that can actually infect a netware system,
| just things that can drop latent infectious content when write rights
| are relatively open.

I am not much of a netware guy, can you please explain what I need to
check regarding permissions, and where? What should they be set to? What
are you referring to?

I was referring to simply scanning every computer on the network,
however, there were viruses found on file servers with netware shares,
if that is what they are called. Network drives?

        Gadi.



