From: Louis LeBlanc
To: freebsd-questions@freebsd.org
Date: Fri, 11 Feb 2005 14:45:17 -0500
Subject: Re: Virus question
Message-ID: <20050211194517.GJ1404@keyslapper.net>
In-Reply-To: <20050211135111.D33012@gwhs.kana.k12.wv.us>

On 02/11/05 01:55 PM, Karen Donathan sat at the `puter and typed:
> To Whom it may concern:
>
> My name is Karen Donathan and I am a computer science teacher at
> George Washington High School in Charleston, WV. We run our website
> (http://gwhs.kana.k12.wv.us) on a FreeBSD server. This project was
> given to me, and I am afraid that I really should know more about
> how this works.
>
> My question is as follows: How can I run a virus scan on my system?
> What scan do you recommend?
>
> The reason I am asking this question is that our school system
> administrator just found that there were some files infected with
> Klez.h in the webroot directory of our server. He found this out as
> he downloaded some files from this directory to our Windows-XP
> school server, and Norton flagged it right away.

I was doing the same thing last night at 11:30. Norton flagged over
100 instances of Klez on my sister-in-law's business computer. There
were at least a dozen others, including a keylogger, backdoor, and at
least 8 other trojans, but Klez was definitely the most proliferated.
Fun, ain't it?

> Any suggestions?

As suggested by another poster, Clam-AV. I use it and it catches all
kinds of nasties. There is also f-prot, which you can set up as a
backup scanner through Amavisd-new. I use Amavisd-new with postfix as
my SMTP server, but if you're using Sendmail, there may be other
options you want to check out.

Start with the handbook:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html
particularly chapter 4, if you're not familiar with the ports, and
chapter 22 to get a good overview of the options involving email.

Good luck
Lou
-- 
Louis LeBlanc FreeBSD-at-keyslapper-DOT-net
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
Please send off-list email to: leblanc at keyslapper d.t net
Key fingerprint = C5E7 4762 F071 CE3B ED51 4FB8 AF85 A2FE 80C8 D9A2

Corry's Law:
Paper is always strongest at the perforations.