From: Bart Silverstrim
Date: Fri, 11 Feb 2005 13:59:58 -0500
To: Karen Donathan
Cc: freebsd-questions@FreeBSD.org
Subject: Re: Virus question

On Feb 11, 2005, at 1:55 PM, Karen Donathan wrote:

> To Whom it may concern:
>
> My name is Karen Donathan and I am a computer science teacher at
> George Washington High School in Charleston, WV. We run our website
> (http://gwhs.kana.k12.wv.us) on a FreeBSD server. This project was
> given to me, and I am afraid that I really should know more about how
> this works.
>
> My question is as follows: How can I run a virus scan on my system?
> What scan do you recommend?
>
> The reason I am asking this question is that our school system
> administrator just found that there were some files infected with
> Klez.h in the webroot directory of our server. He found this out as
> he downloaded some files from this directory to our Windows-XP school
> server, and Norton flagged it right away.
>
> Any suggestions?

The FreeBSD server itself is immune to that virus. I'd look at the files and ask how they got there (who put them there).

Second, personally I'd recommend you go into the ports tree and install ClamAV. Then you can run Clamscan and that will flag which files are "infected". Then you can go through and delete them or quarantine them.

-Bart
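
The steps suggested in the reply above, as an added shell example that is not part of the original message: scan the webroot with clamscan, list owner and modification time of each flagged file, then quarantine. The webroot and quarantine paths and the signature name in the sample comment are assumptions.

```sh
#!/bin/sh
# Added example, not part of the original message.
# Prerequisites on FreeBSD: install the security/clamav port, then run
# freshclam once to download current signatures.
WEBROOT="${WEBROOT:-/usr/local/www/data}"    # assumed webroot path
QUARANTINE="${QUARANTINE:-/var/quarantine}"  # assumed quarantine directory

# clamscan reports a hit as "<path>: <signature> FOUND"; keep only the path.
# Constructed sample line: /usr/local/www/data/a.exe: Example.Signature FOUND
flagged_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# Show owner, group and modification time of each flagged file that still
# exists, to help answer who put it there and when.
who_put_it_there() {
    while IFS= read -r f; do
        if [ -e "$f" ]; then ls -ld -- "$f"; fi
    done
}

# Recursive scan that prints infected files only (exit status 1 means hits).
scan_webroot() {
    clamscan -r -i --no-summary "$WEBROOT"
}

# Move flagged files out of the served tree instead of deleting them,
# so they stay available for inspection.
quarantine_flagged() {
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE" &&
        clamscan -r -i --no-summary --move="$QUARANTINE" "$WEBROOT"
}

case "${1:-}" in
    report)     scan_webroot | flagged_paths | who_put_it_there ;;
    quarantine) quarantine_flagged ;;
esac
```

Run it with `report` first and review the listing before running it with `quarantine`.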