Well, it's been a few hours now that I have been messing with it. It isn't all that easy to clean up, even with the new definition tables, F-prot linux scanner will report clean with clearly infected .eml(s) laying everywhere. Norton isn't much better running over a mounted drive from a win2K box. RAV antivirus is about the only scanner i've found thusfar that has the horsepower to clean this thing up. If you had an infected host connected to your samba server, you have infected files in every directory writable by the user on that host. These files are probably .dll(s) and .eml(s) but i have seen other extentions like .wml Also, the file names seem to be datasource*.eml but they may also be 20010531.eml (it's that old!) or they may be random strings of integers with a .eml or .wml extension. And they will be EVERYWHERE possible. This thing isn't fun. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 22:11:41 PDT