From: "Ean Kingston"
To: freebsd-questions@FreeBSD.org
Date: Fri, 11 Feb 2005 15:37:38 -0500 (EST)
Subject: Re: Virus question

> On 02/11/05 01:55 PM, Karen Donathan sat at the `puter and typed:
>> To Whom it may concern:
>>
>> My name is Karen Donathan and I am a computer science teacher at
>> George Washington High School in Charleston, WV. We run our website
>> (http://gwhs.kana.k12.wv.us) on a FreeBSD server. This project was
>> given to me, and I am afraid that I really should know more about
>> how this works.
>>
>> My question is as follows: How can I run a virus scan on my system?
>> What scan do you recommend?

f-prot makes a virus scanner for FreeBSD.
http://www.f-prot.com/products/corporate_users/unix/

>> The reason I am asking this question is that our school system
>> administrator just found that there were some files infected with
>> Klez.h in the webroot directory of our server.

Do you know how the virus got into the webroot of your server? You should find out.

>> He found this out as
>> he downloaded some files from this directory to our Windows-XP
>> school server, and Norton flagged it right away.
>
> I was doing the same thing last night at 11:30. Norton flagged over
> 100 instances of Klez on my sister-in-law's business computer. There
> were at least a dozen others, including a keylogger, backdoor, and at
> least 8 other trojans, but Klez was definitely the most proliferated.
> Fun, ain't it?
>
>> Any suggestions?
>
> As suggested by another poster, Clam-AV. I use it and it catches all
> kinds of nasties. There is also f-prot, which you can set up as a
> backup scanner through Amavisd-new.
>
> I use Amavisd-new with postfix as my SMTP server, but if you're using
> Sendmail, there may be other options you want to check out. Start
> with the handbook:
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html
> particularly chapter 4, if you're not familiar with the ports, and
> chapter 22 to get a good overview of the options involving email.
>
> Good luck
>
> Lou
> --
> Louis LeBlanc FreeBSD-at-keyslapper-DOT-net
> Fully Funded Hobbyist, KeySlapper Extrordinaire :)
> Please send off-list email to: leblanc at keyslapper d.t net
> Key fingerprint = C5E7 4762 F071 CE3B ED51 4FB8 AF85 A2FE 80C8 D9A2
>
> Corry's Law:
> Paper is always strongest at the perforations.
>

--
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
URL: http://www.hedron.org/