From: Cy Schubert - ITSD Open Systems Group
To: Emmanuel Gravel
cc: freebsd-security@FreeBSD.ORG
Subject: Re: Virus on FreeBSD
Date: Wed, 20 May 1998 17:18:37 -0700
Message-Id: <199805210018.RAA04596@passer.osg.gov.bc.ca>
In-reply-to: Your message of "Wed, 20 May 1998 13:17:11 PDT." <3562D7D7.65F60C0@elr346.ateng.az.honeywell.com>

> Stunt Pope wrote:
> > On 20-May-98 Emmanuel Gravel wrote:
> > > I haven't heard of a virus made for a Unix-like OS before, but I'm
> > > wondering if this can be an issue with FreeBSD (or Linux for that
> > > matter). I'm saying this since they both run on the most common
> > > platform there is today, the PC. I know most virii were written for
> > > DOS-like OS's, but it's my impression that the common point between
> > > both machines is the hardware.
> > >
> > > Can anyone either clear this for me, or point me in the right direction
> > > for some info?
> > >
> >
> > Check out the Bugtraq archives, and search on "linux virus", there was
> > one released last summer or so, mainly as an exercise IIRC. Can't
> > remember the name of it though.
> >
> > (http://www.geek-girl.com/bugtraq/)
> >
> > -mark
>
> Thanks for all the info. Now for a second question. Since there is an
> antivirus made by McAfee for Linux, Solaris, HP-UX, AIX (and one or two
> more Unix OS's) is there anything similar made for FreeBSD? What can
> one download/purchase to prevent:
>
> 1- Arrival/infection of the system from any virus that would target
> FreeBSD?
> 2- Presence of virii for any other OS in any file on the system?
>
> Thanks for your help!

Sorry for getting into this late... another day of meetings.

The Linux virus was not a virus in the truest sense. What it did was to
move the original binary to some other directory and replace it with
itself, which in turn would do what virus-like programs like to do and
finally exec(2) the original program. If you want to characterize this
in any way, it would probably be closer to a trojan horse than a virus,
though that's more an issue of semantics.

The best way to detect such a beast on a UNIX system would probably be
with tripwire or some other application that maintains signatures of
various files on your system.

>
> Emmanuel Gravel
> egravel@elr346.ateng.az.honeywell.com

Regards,                 Phone:  (250)387-8437
Cy Schubert                Fax:  (250)387-5766
Open Systems Group    Internet:  cschuber@uumail.gov.bc.ca
ITSD                             Cy.Schubert@gems8.gov.bc.ca
Government of BC
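A sketch of the file-signature check suggested in the reply above, as an added example that is not part of the original message and is not Tripwire's own code. The function names `snapshot`, `compare` and `demo` are hypothetical, and the files are constructed samples in a temporary directory; besides listing changed files, it flags the specific pattern the message describes, where a program's old content reappears under a new path.

```python
import hashlib
import os
import shutil
import tempfile

def snapshot(roots):
    """Map each regular file under the given directories to its SHA-256 digest."""
    digests = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                if os.path.islink(path) or not os.path.isfile(path):
                    continue  # only regular files are hashed in this sketch
                with open(path, "rb") as fh:
                    digests[path] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline, current):
    """Diff two snapshots and pair each changed file with its relocated original."""
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    # Pattern from the message: a program's content changes while its old
    # content shows up at a path that did not exist when the baseline was taken.
    relocated = [(p, a) for p in changed for a in added if current[a] == baseline[p]]
    return {"changed": changed, "added": added, "removed": removed, "relocated": relocated}

def demo():
    """Constructed scenario inside a temp directory; no real system path is touched."""
    top = tempfile.mkdtemp()
    try:
        target = os.path.join(top, "bin", "ls")
        moved = os.path.join(top, "stash", "ls")
        os.makedirs(os.path.dirname(target))
        os.makedirs(os.path.dirname(moved))
        with open(target, "wb") as fh:
            fh.write(b"original program (constructed sample)")
        baseline = snapshot([top])
        # Stand-in for the change described above: original moved, new file in its place.
        shutil.move(target, moved)
        with open(target, "wb") as fh:
            fh.write(b"replacement program (constructed sample)")
        return compare(baseline, snapshot([top])), target, moved
    finally:
        shutil.rmtree(top)

if __name__ == "__main__":
    print(demo()[0])
```

A check like this is only as trustworthy as the stored baseline, so the baseline belongs on media that someone with access to the system cannot rewrite.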