Date: Tue, 14 Sep 2004 23:55:11 -0700 From: Pat Lashley <patl+freebsd@volant.org> To: "Eric W. Bates" <ericx_lists@vineyard.net>, Julian Elischer <julian@elischer.org> Cc: freebsd-net@freebsd.org Subject: Re: To many dynamic rules created by infected machine Message-ID: <B7A193EBF32592C1BC9C6000@vanvoght.phoenix.volant.org> In-Reply-To: <414793FF.3000008@vineyard.net> References: <41473DD3.7030007@vineyard.net> <41473EF6.8030201@elischer.org> <414793FF.3000008@vineyard.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--On Tuesday, September 14, 2004 20:59:43 -0400 "Eric W. Bates" <ericx_lists@vineyard.net> wrote: > It's a small store. Folks with broken computers bring the > machines in because "It doesn't work". They usually don't > know what is wrong with any given machine; and they try to > be careful (remove the hard drive and attempt to clean it > first); but eventually there is a need to put the machine > on line and try to update Norton's virus list. Befoe bringing it on-line, why not mount the disk on a FreeBSD machine and run ClamAV over all the files? It's not guaranteed to catch everything; but it should at least reduce the window. You could also consider setting it up so that the initial reconnection is on a separate cable going through a firewall that -only- allows the connections necessary to update the Norton virus list. Once it is updated, unplug it from the network, run the virus check, and only then plug it into your main LAN. -Pat
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B7A193EBF32592C1BC9C6000>