Focus on Virus
RE: How to - Scan a Windows machine for virus from a Linux machine Nov 16 2006 07:56AM
Quark IT - Hilton Travis (Hilton quarkit com au)
Hi Matt,

That's a good part of what I was wondering and what I asked earlier.

Anyone who kept infected machines on a network I was responsible for would be looking for employment and probably quite unwilling to have future employers ask me for a reference.

Regards,

Hilton Travis

War doesn't determine who is right. War determines who is left.

Quark Group Pty Ltd T/A Quark Automation, Quark AudioVisual, Quark IT

-=-=-=-=-=-=-=-=

From: Kofron, Matt [mailto:Matt.Kofron (at) AGEDWARDS (dot) com [email concealed]]
Sent: Thursday, 16 November 2006 5:37 PM
To: Ivan Aleman; Quark IT - Hilton Travis
Cc: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: RE: How to - Scan a Windows machine for virus from a Linux machine

If you have known infected workstations, why are they still on the LAN? 
 
________________________________________
From: Ivan Aleman [mailto:bonovoxmofo (at) gmail (dot) com [email concealed]]
Sent: Wed 11/15/2006 9:25 AM
To: Quark IT - Hilton Travis
Cc: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: Re: How to - Scan a Windows machine for virus from a Linux machine
2006/11/14, Quark IT - Hilton Travis <Hilton (at) quarkit.com (dot) au [email concealed]>:
> Hi Ivan,
>
> There simply is no OSS AV product capable of doing what you are wanting to achieve.  Besides, running scheduled scans is far, far from an effective way to stop viruses and other malware - you are orders of magnitude better off by running an on-access scanner that scans in realtime to stop infections happening, not trying to clean up after an infection has occurred.
>
Hello Hilton,
Indeed my intention is not to run the AV from Linux on an special
schedule, my intention is to disinfect one machine (or two maybe :) )
due that they are already infected, and the AV installed on them is
not doing the job. Of course I am aware that an on-access scanner is
the best solution but in my actual scenario the machines are already
'compromised' (they are configured to do on-access scanning, though)
then it occur to me that doing a disinfection from a Linux machine
over the LAN could be a good idea instead reformatting the machines,
that's what I started this thread and yes is not a good idea in the
sense that it is not very straight forward and even in a 1Gbit LAN is
going to be slow, of course what you mention in another mail about
that using smbfs and ClamAV will possible not scan all the files due
to locks and etc. but still this can work in some cases, it is just
another tool/method against these kind of problems.
Thank you for sharing your thoughts.
--
Iván Alemán

------------------------------------------------------------------------
----
ALERT: "How a Hacker Launches a SQL Injection Attack!" - White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CZW
l
------------------------------------------------------------------------
----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus