From owner-freebsd-questions@FreeBSD.ORG Mon Feb 14 06:50:54 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2E35516A4CF for ; Mon, 14 Feb 2005 06:50:54 +0000 (GMT) Received: from wolf.bytecraft.au.com (wolf.bytecraft.au.com [203.39.118.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6240543D4C for ; Mon, 14 Feb 2005 06:50:52 +0000 (GMT) (envelope-from MTaylor@bytecraft.com.au) Received: from localhost (localhost [127.0.0.1])j1E6ogI7029498; Mon, 14 Feb 2005 17:50:42 +1100 (EST) (envelope-from MTaylor@bytecraft.com.au) Received: from wolf.bytecraft.au.com ([127.0.0.1]) by localhost (wolf.bytecraft.au.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 29124-04; Mon, 14 Feb 2005 17:50:41 +1100 (EST) Received: from svmarshal.bytecraft.au.com ([10.0.0.4])j1E6o9qT029489; Mon, 14 Feb 2005 17:50:09 +1100 (EST) (envelope-from MTaylor@bytecraft.com.au) Received: from svmailmel.bytecraft.internal (Not Verified[10.0.0.24]) by svmarshal.bytecraft.au.com with MailMarshal (v5,0,3,78) id ; Mon, 14 Feb 2005 17:50:08 +1100 Received: from [10.0.17.42] ([10.0.17.42]) by svmailmel.bytecraft.internal with Microsoft SMTPSVC(6.0.3790.211); Mon, 14 Feb 2005 17:50:08 +1100 From: Murray Taylor To: Bart Silverstrim In-Reply-To: References: <20050211135111.D33012@gwhs.kana.k12.wv.us> Content-Type: text/plain Organization: Bytecraft Systems Message-Id: <1108363808.80214.28.camel@wstaylorm.dand06.au.bytecraft.au.com> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.6 Date: Mon, 14 Feb 2005 17:50:08 +1100 Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 14 Feb 2005 06:50:08.0741 (UTC) FILETIME=[6C436150:01C51261] cc: Karen Donathan cc: freebsdquestions Subject: Re: Virus question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: mtaylor@bytecraft.com.au List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Feb 2005 06:50:54 -0000 On Sat, 2005-02-12 at 05:59, Bart Silverstrim wrote: > On Feb 11, 2005, at 1:55 PM, Karen Donathan wrote: > > > To Whom it may concern: > > > > My name is Karen Donathan and I am a computer science teacher at > > George Washington High School in Charleston, WV. We run our website > > (http://gwhs.kana.k12.wv.us) on a FreeBSD server. This project was > > given to me, and I am afraid that I really should know more about how > > this works. > > > > My question is as follows: How can I run a virus scan on my system? > > What scan do you recommend? > > > > The reason I am asking this question is that our school system > > administrator just found that there were some files infected with > > Klez.h in the webroot directory of our server. He found this out as > > he downloaded some files from this directory to our Windows-XP school > > server, and Norton flagged it right away. > > > > Any suggestions? > > The FreeBSD server itself is immune to that virus. I'd look at the > files and ask how they got there (who put them there). > > Second, personally I'd recommend you go into the ports tree and install > ClamAV. Then you can run Clamscan and that will flag which files are > "infected". Then you can go through and delete them or quarantine > them. > > -Bart > Sophos is a commercial virus scanner that can be installed and run on both FreeBSD and Windows platforms. (Obviously different runtime apps, but the identity files etc are common) And once you have purchased your license, updates of both engines and the .ide files can be scripted via cron very easily. We also use Spamassassin in the firewall DMZ... (belts, braces and bootlaces...) NB the Mailmarshal tag is part of the Sophos stuff too.. its a mail system scanner / filter system that uses the Sophos scanner underneath the hood. ***This Email has been scanned for Viruses by MailMarshal.*** -- Murray Taylor Special Projects Engineer --------------------------------- Bytecraft Systems & Entertainment P: +61 3 8710 2555 F: +61 3 8710 2599 D: +61 3 9238 4275 M: +61 417 319 256 E: mtaylor@bytecraft.com.au or visit us on the web http://www.bytecraftsystems.com http://www.bytecraftentertainment.com --------------------------------------------------------------- The information transmitted in this e-mail is for the exclusive use of the intended addressee and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of it, or the taking of any action in reliance upon this information by persons and/or entities other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. E-mails may not be secure, may contain computer viruses and may be corrupted in transmission. Please carefully check this e-mail (and any attachment) accordingly. No warranties are given and no liability is accepted for any loss or damage caused by such matters. --------------------------------------------------------------- ***This Email has been scanned for Viruses by MailMarshal.***