[debian-user] Virus, Trojan, and Worm

07/03/2007, 21h40

Has antivirus software advanced to the point that the following excerpt
from Debian Administration (dated late 2004) is now invalid? I added
the square brackets and their content.

"Viruses are a fact of life nowadays, be they real viruses or worms
which require manual intervention on the [be]half of a user to [prevent]
propogate[propogation]. Unix systems tend to be immune from the viruses
themselves, but they still have mail queues full of viral messages."

--------------- Some Remarks ---------------
On Linux I never worried about such things but on Windows every day was
a problem, especially with worms. The antivirus software would identify
the worm and it's location and the antivirus developers said that worm
extraction was manual and not automated. I found this true until
recently when the newer versions on Windows now seem to automatically
extract the worm. So I was wondering (because of this article) if it is
now out dated and if the Linux antivirus packages now automatically deal
with the worms. I could never understand why removal of a worm was a
problem for an antivirus package. According to the developers all ll I
had to do was compress the worm infested file and then delete the file.
If I remember right I had my own approach which was to move the infested
file into a temp mail directory and then delete the directory .

Thanks, Ted

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

07/03/2007, 22h40

On Wed, Mar 07, 2007 at 02:36:46PM -0700, Ted Hilts - Thunderbird Acct. wrote:
> Has antivirus software advanced to the point that the following excerpt
> from Debian Administration (dated late 2004) is now invalid? I added
> the square brackets and their content.
>
> "Viruses are a fact of life nowadays, be they real viruses or worms
> which require manual intervention on the [be]half of a user to [prevent]
> propogate[propogation]. Unix systems tend to be immune from the viruses
> themselves, but they still have mail queues full of viral messages."

99.9% of evil programs (virus,worm,..) are written to run on a
machine(real or virtual) with a ms OS. A free OS machine can store an
email with an evil program with no damage to itself but if that email is
forwarded to a person with a ms OS, they could be affected.

--
| .''`. == Debian GNU/Linux == | my web site: |
| : :' : The Universal |mysite.verizon.net/kevin.mark/|
| `. `' Operating System | go to counter.li.org and |
| `- http://www.debian.org/ | be counted! #238656 |
| my keyserver: subkeys.pgp.net | my NPO: cfsg.org |

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFF7zkmv8UcC1qRZVMRAvgLAJ9iaHUYII++KLx9EKHtcI u4d8zQrwCdFf10
zElaEVCktNAINyXnheQofqk=
=91VN
-----END PGP SIGNATURE-----

10/04/2007, 05h30

On Wed, 07 Mar 2007 14:36:46 -0700
"Ted Hilts - Thunderbird Acct." <thilts33@telus.net> wrote:

> Has antivirus software advanced to the point that the following excerpt
> from Debian Administration (dated late 2004) is now invalid? I added
> the square brackets and their content.
>
> "Viruses are a fact of life nowadays, be they real viruses or worms
> which require manual intervention on the [be]half of a user to [prevent]
> propogate[propogation]. Unix systems tend to be immune from the viruses
> themselves, but they still have mail queues full of viral messages."

I would say that it's still relevant. Linux/Unix systems are less apt
to be propagators - for a virus/worm to work it must gain rights that
are in most cases that of privileged users. Still, most viruses/worms
(especially the latter) are propogated by emailing the content to
others, usually automatically. Since most mailers on Linux/unix are not
set up to automatically open *and run* attachments, at least some of
the damage is minimized.

I still get a few viruses and worms every so often - the "Microsoft
Update Patch" is one that's been circulating for years - and it's about
200K. Ouch.

If you're on a network, especially if you have a Linux/unix system that
does services for Windows machines connected to it, one really should
have antivirus toolkits on the Linux machine(s).

> had to do was compress the worm infested file and then delete the file.
> If I remember right I had my own approach which was to move the infested

Wouldn't it be easier to have the antivirus software deliver the file
to /dev/null?

> Thanks, Ted

--
------------------------------------------------------------------------
David E. Fox Thanks for letting me
dfox@tsoft.com change magnetic patterns
dfox@m206-157.dsl.tsoft.com on your hard disk.
-----------------------------------------------------------------------

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

10/04/2007, 22h10

You could try avg free
free.grisoft.com

On 4/10/07, Jim Hyslop <jhyslop@dreampossible.ca> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> David E. Fox wrote:
> > If you're on a network, especially if you have a Linux/unix system that
> > does services for Windows machines connected to it, one really should
> > have antivirus toolkits on the Linux machine(s).
>
> Any particular recommendations?
>
> - --
> Jim Hyslop
> Dreampossible: Better software. Simply. http://www.dreampossible.ca
> Consulting * Mentoring * Training in
> C/C++ * OOD * SW Development & Practices * Version Management
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFGG/wjLdDyDwyJw+MRAhWpAKDrLI4rI5m6mHqo9t5ExmgL51puxQCd F+00
> vmT/ZdxFpbX0d6MWOnfEOyo=
> =3eqI
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>

--
-Daniel ;-)

10/04/2007, 22h10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David E. Fox wrote:
> If you're on a network, especially if you have a Linux/unix system that
> does services for Windows machines connected to it, one really should
> have antivirus toolkits on the Linux machine(s).

Any particular recommendations?

- --
Jim Hyslop
Dreampossible: Better software. Simply. http://www.dreampossible.ca
Consulting * Mentoring * Training in
C/C++ * OOD * SW Development & Practices * Version Management
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFGG/wjLdDyDwyJw+MRAhWpAKDrLI4rI5m6mHqo9t5ExmgL51puxQCd F+00
vmT/ZdxFpbX0d6MWOnfEOyo=
=3eqI
-----END PGP SIGNATURE-----

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

10/04/2007, 22h20

On Tue, Apr 10, 2007 at 05:05:39PM -0400, Jim Hyslop wrote:
> David E. Fox wrote:
> > If you're on a network, especially if you have a Linux/unix system that
> > does services for Windows machines connected to it, one really should
> > have antivirus toolkits on the Linux machine(s).
>
> Any particular recommendations?
>

clamav for mail.

I think it will do directory scans too. apt-cache search anti virus
gets a few hits.

A

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGG/3RaIeIEqwil4YRAix6AKCN6RHNR6o1hzYo5fPfd5LYTndvHACg xxKQ
EymugUMp0wP8LsUVPFG003M=
=OcFF
-----END PGP SIGNATURE-----

11/04/2007, 17h12

On Tue, 2007-04-10 at 21:06 +0000, Johnmon2 wrote:
> You could try avg free
> free.grisoft.com

NO. Do not use that. I've had a few run-ins with this company.

I've purchased multiple "site licenses" from them for multiple
companies. Eventually, after extending the licenses (two or three times
depending) and doing the "auto-update" feature, all the users started
getting the "you are using pirated software" and directs them to the
website to "become legal".

Of course immediately, I had to do "no-cost" site visits to fix this
issue for each and every company, Getting a "pro-rated for $remaining
time" license from Grisoft. Costing me about 110 hours of work I didn't
get paid for.

Well, Clamav for Windows works just as well and doesn't screw with the
SMTP or POP/IMAP process. I also have spam and av scanning done inline
with the MTA and IMAP servers, updated every night via freshclam and
RulesDuJour and other custom things... all to get away from Grisoft.

There isn't a single Anti-Virus *Company* I trust to do the right thing
anymore. I just use Clam-AV, updated. In the two years since, there has
only been one "virus" problem and that was brought in on a CDROM. They
called and I drove over at their cost to check and "fix" it. I also did
a complete checkup on the servers and backup systems as a bonus to the
company.

Seems nice that Clam also integrates with Samba if you want it to. But,
a nightly scan on the shares works well enough for me.
--
greg, greg@gregfolkert.net

Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQBGHQcD7WZpcbUkaHwRApLOAJ9qO0zY2k5jKzqW8X5xZK 1YKqzSkwCfQrJ6
B987g/JOoHbDUX+jEjw6ff8=
=pt8U
-----END PGP SIGNATURE-----

07/03/2007, 21h40	#1
Ted Hilts - Thunderbird Acct. Messages: n/a Hébergeur:	[debian-user] Virus, Trojan, and Worm Has antivirus software advanced to the point that the following excerpt from Debian Administration (dated late 2004) is now invalid? I added the square brackets and their content. "Viruses are a fact of life nowadays, be they real viruses or worms which require manual intervention on the [be]half of a user to [prevent] propogate[propogation]. Unix systems tend to be immune from the viruses themselves, but they still have mail queues full of viral messages." --------------- Some Remarks --------------- On Linux I never worried about such things but on Windows every day was a problem, especially with worms. The antivirus software would identify the worm and it's location and the antivirus developers said that worm extraction was manual and not automated. I found this true until recently when the newer versions on Windows now seem to automatically extract the worm. So I was wondering (because of this article) if it is now out dated and if the Linux antivirus packages now automatically deal with the worms. I could never understand why removal of a worm was a problem for an antivirus package. According to the developers all ll I had to do was compress the worm infested file and then delete the file. If I remember right I had my own approach which was to move the infested file into a temp mail directory and then delete the directory . Thanks, Ted -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

10/04/2007, 05h30	#3
David E. Fox Messages: n/a Hébergeur:	Re: [debian-user] Virus, Trojan, and Worm On Wed, 07 Mar 2007 14:36:46 -0700 "Ted Hilts - Thunderbird Acct." <thilts33@telus.net> wrote: > Has antivirus software advanced to the point that the following excerpt > from Debian Administration (dated late 2004) is now invalid? I added > the square brackets and their content. > > "Viruses are a fact of life nowadays, be they real viruses or worms > which require manual intervention on the [be]half of a user to [prevent] > propogate[propogation]. Unix systems tend to be immune from the viruses > themselves, but they still have mail queues full of viral messages." I would say that it's still relevant. Linux/Unix systems are less apt to be propagators - for a virus/worm to work it must gain rights that are in most cases that of privileged users. Still, most viruses/worms (especially the latter) are propogated by emailing the content to others, usually automatically. Since most mailers on Linux/unix are not set up to automatically open and run attachments, at least some of the damage is minimized. I still get a few viruses and worms every so often - the "Microsoft Update Patch" is one that's been circulating for years - and it's about 200K. Ouch. If you're on a network, especially if you have a Linux/unix system that does services for Windows machines connected to it, one really should have antivirus toolkits on the Linux machine(s). > had to do was compress the worm infested file and then delete the file. > If I remember right I had my own approach which was to move the infested Wouldn't it be easier to have the antivirus software deliver the file to /dev/null? > Thanks, Ted -- ------------------------------------------------------------------------ David E. Fox Thanks for letting me dfox@tsoft.com change magnetic patterns dfox@m206-157.dsl.tsoft.com on your hard disk. ----------------------------------------------------------------------- -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

10/04/2007, 22h10	#4
Johnmon2 Messages: n/a Hébergeur:	Re: [debian-user] Virus, Trojan, and Worm You could try avg free free.grisoft.com On 4/10/07, Jim Hyslop <jhyslop@dreampossible.ca> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > David E. Fox wrote: > > If you're on a network, especially if you have a Linux/unix system that > > does services for Windows machines connected to it, one really should > > have antivirus toolkits on the Linux machine(s). > > Any particular recommendations? > > - -- > Jim Hyslop > Dreampossible: Better software. Simply. http://www.dreampossible.ca > Consulting * Mentoring * Training in > C/C++ * OOD * SW Development & Practices * Version Management > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (MingW32) > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org > > iD8DBQFGG/wjLdDyDwyJw+MRAhWpAKDrLI4rI5m6mHqo9t5ExmgL51puxQCd F+00 > vmT/ZdxFpbX0d6MWOnfEOyo= > =3eqI > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmaster@lists.debian.org > > -- -Daniel ;-)

10/04/2007, 22h10	#5
Jim Hyslop Messages: n/a Hébergeur:	Re: [debian-user] Virus, Trojan, and Worm -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David E. Fox wrote: > If you're on a network, especially if you have a Linux/unix system that > does services for Windows machines connected to it, one really should > have antivirus toolkits on the Linux machine(s). Any particular recommendations? - -- Jim Hyslop Dreampossible: Better software. Simply. http://www.dreampossible.ca Consulting * Mentoring * Training in C/C++ * OOD * SW Development & Practices * Version Management -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFGG/wjLdDyDwyJw+MRAhWpAKDrLI4rI5m6mHqo9t5ExmgL51puxQCd F+00 vmT/ZdxFpbX0d6MWOnfEOyo= =3eqI -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

10/04/2007, 22h20	#6
Andrew Sackville-West Messages: n/a Hébergeur:	Re: [debian-user] Virus, Trojan, and Worm On Tue, Apr 10, 2007 at 05:05:39PM -0400, Jim Hyslop wrote: > David E. Fox wrote: > > If you're on a network, especially if you have a Linux/unix system that > > does services for Windows machines connected to it, one really should > > have antivirus toolkits on the Linux machine(s). > > Any particular recommendations? > clamav for mail. I think it will do directory scans too. apt-cache search anti virus gets a few hits. A -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGG/3RaIeIEqwil4YRAix6AKCN6RHNR6o1hzYo5fPfd5LYTndvHACg xxKQ EymugUMp0wP8LsUVPFG003M= =OcFF -----END PGP SIGNATURE-----

07/03/2007, 22h40	#2
Kevin Mark Messages: n/a Hébergeur:	Re: [debian-user] Virus, Trojan, and Worm On Wed, Mar 07, 2007 at 02:36:46PM -0700, Ted Hilts - Thunderbird Acct. wrote: > Has antivirus software advanced to the point that the following excerpt > from Debian Administration (dated late 2004) is now invalid? I added > the square brackets and their content. > > "Viruses are a fact of life nowadays, be they real viruses or worms > which require manual intervention on the [be]half of a user to [prevent] > propogate[propogation]. Unix systems tend to be immune from the viruses > themselves, but they still have mail queues full of viral messages." 99.9% of evil programs (virus,worm,..) are written to run on a machine(real or virtual) with a ms OS. A free OS machine can store an email with an evil program with no damage to itself but if that email is forwarded to a person with a ms OS, they could be affected. -- \| .''`. == Debian GNU/Linux == \| my web site: \| \| : :' : The Universal \|mysite.verizon.net/kevin.mark/\| \| `. `' Operating System \| go to counter.li.org and \| \| `- http://www.debian.org/ \| be counted! #238656 \| \| my keyserver: subkeys.pgp.net \| my NPO: cfsg.org \| -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFF7zkmv8UcC1qRZVMRAvgLAJ9iaHUYII++KLx9EKHtcI u4d8zQrwCdFf10 zElaEVCktNAINyXnheQofqk= =91VN -----END PGP SIGNATURE-----

11/04/2007, 17h12	#7
Greg Folkert Messages: n/a Hébergeur:	Re: [debian-user] Virus, Trojan, and Worm On Tue, 2007-04-10 at 21:06 +0000, Johnmon2 wrote: > You could try avg free > free.grisoft.com NO. Do not use that. I've had a few run-ins with this company. I've purchased multiple "site licenses" from them for multiple companies. Eventually, after extending the licenses (two or three times depending) and doing the "auto-update" feature, all the users started getting the "you are using pirated software" and directs them to the website to "become legal". Of course immediately, I had to do "no-cost" site visits to fix this issue for each and every company, Getting a "pro-rated for $remaining time" license from Grisoft. Costing me about 110 hours of work I didn't get paid for. Well, Clamav for Windows works just as well and doesn't screw with the SMTP or POP/IMAP process. I also have spam and av scanning done inline with the MTA and IMAP servers, updated every night via freshclam and RulesDuJour and other custom things... all to get away from Grisoft. There isn't a single Anti-Virus Company I trust to do the right thing anymore. I just use Clam-AV, updated. In the two years since, there has only been one "virus" problem and that was brought in on a CDROM. They called and I drove over at their cost to check and "fix" it. I also did a complete checkup on the servers and backup systems as a bonus to the company. Seems nice that Clam also integrates with Samba if you want it to. But, a nightly scan on the shares works well enough for me. -- greg, greg@gregfolkert.net Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQBGHQcD7WZpcbUkaHwRApLOAJ9qO0zY2k5jKzqW8X5xZK 1YKqzSkwCfQrJ6 B987g/JOoHbDUX+jEjw6ff8= =pt8U -----END PGP SIGNATURE-----

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email