Date:      Mon, 14 Feb 2005 17:50:08 +1100
From:      Murray Taylor <mtaylor@bytecraft.com.au>
To:        Bart Silverstrim <bsilver@chrononomicon.com>
Cc:        freebsdquestions <freebsd-questions@freebsd.org>
Subject:   Re: Virus question
Message-ID:  <1108363808.80214.28.camel@wstaylorm.dand06.au.bytecraft.au.com>
In-Reply-To: <a161a401e52fd9840f1b5ecbd66bd6c5@chrononomicon.com>
References:  <20050211135111.D33012@gwhs.kana.k12.wv.us> <a161a401e52fd9840f1b5ecbd66bd6c5@chrononomicon.com>

On Sat, 2005-02-12 at 05:59, Bart Silverstrim wrote:
> On Feb 11, 2005, at 1:55 PM, Karen Donathan wrote:
> 
> > To Whom it may concern:
> >
> > My name is Karen Donathan and I am a computer science teacher at 
> > George Washington High School in Charleston, WV.  We run our website 
> > (http://gwhs.kana.k12.wv.us) on a FreeBSD server.  This project was 
> > given to me, and I am afraid that I really should know more about how 
> > this works.
> >
> > My question is as follows:  How can I run a virus scan on my system?  
> > What scan do you recommend?
> >
> > The reason I am asking this question is that our school system 
> > administrator just found that there were some files infected with 
> > Klez.h in the webroot directory of our server.  He found this out as 
> > he downloaded some files from this directory to our Windows-XP school 
> > server, and Norton flagged it right away.
> >
> > Any suggestions?
> 
> The FreeBSD server itself is immune to that virus.  I'd look at the 
> files and ask how they got there (who put them there).
> 
> Second, personally I'd recommend you go into the ports tree and install 
> ClamAV.  Then you can run Clamscan and that will flag which files are 
> "infected".  Then you can go through and delete them or quarantine 
> them.
> 
> -Bart
> 

Sophos is a commercial virus scanner that can be installed and 
run on both FreeBSD and Windows platforms. (Obviously different
runtime apps, but the identity files etc are common) And once you
have purchased your license, updates of both engines and the .ide
files can be scripted via cron very easily.

We also use Spamassassin in the firewall DMZ...

(belts, braces and bootlaces...)
 
NB the Mailmarshal tag is part of the Sophos stuff too.. it's a mail
system scanner / filter system that uses the Sophos scanner underneath
the hood.

***This Email has been scanned for Viruses by MailMarshal.***
-- 
Murray Taylor
Special Projects Engineer
---------------------------------
Bytecraft Systems & Entertainment
P: +61 3 8710 2555
F: +61 3 8710 2599
D: +61 3 9238 4275
M: +61 417 319 256
E: mtaylor@bytecraft.com.au
or visit us on the web
http://www.bytecraftsystems.com
http://www.bytecraftentertainment.com
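
Added example, not part of the original thread: a small sh wrapper around the clamscan run Bart suggests, which lists each flagged file with its owner and modification time so you can follow up on who put it there before deleting or quarantining anything. The WEBROOT default and the function names are assumptions; the sample signature name used to test it is constructed.

```shell
#!/bin/sh
# Triage clamscan results for a web root (added example).
# WEBROOT default is an assumed path, not taken from the thread.
WEBROOT="${WEBROOT:-/usr/local/www/data}"

# Read clamscan output on stdin. For every "<path>: <signature> FOUND"
# line, print "<signature><TAB><ls -ld of the file>" so the owner, group
# and mtime of each flagged file are visible. Other lines are ignored.
triage_found() {
    while IFS= read -r line; do
        case "$line" in
            *" FOUND") ;;
            *) continue ;;
        esac
        rest="${line% FOUND}"   # drop the trailing marker
        sig="${rest##*: }"      # text after the last ": "
        path="${rest%: *}"      # text before the last ": "
        if [ -e "$path" ]; then
            printf '%s\t%s\n' "$sig" "$(ls -ld -- "$path")"
        else
            printf '%s\t%s (missing)\n' "$sig" "$path"
        fi
    done
}

# Scan WEBROOT recursively, reporting infected files only.
# clamscan exit codes: 0 = nothing found, 1 = virus found, 2 = error.
scan_webroot() {
    rc=0
    out="$(clamscan -r --infected --no-summary "$WEBROOT")" || rc=$?
    printf '%s\n' "$out" | triage_found
    return "$rc"
}

# Run as: sh triage.sh scan
if [ "${1:-}" = "scan" ]; then
    scan_webroot
fi
```

Once the list has been reviewed, clamscan's `--move=DIR` option can relocate the flagged files to a quarantine directory outside the web root.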

