On 2006-11-15 Ivan Aleman wrote:
> 2006/11/14, Quark IT - Hilton Travis <Hilton (at) quarkit.com (dot) au [email concealed]>:
>> There simply is no OSS AV product capable of doing what you are
>> wanting to achieve. Besides, running scheduled scans is far, far
>> from an effective way to stop viruses and other malware - you are
>> orders of magnitude better off by running an on-access scanner that
>> scans in realtime to stop infections happening, not trying to clean
>> up after an infection has occurred.
>
> Indeed my intention is not to run the AV from Linux on an special
> schedule, my intention is to disinfect one machine (or two maybe :) )
> due that they are already infected, and the AV installed on them is
> not doing the job.

The only reliable method to clean an infected machine is:

1. backup the data
2. flatten
3. re-install
4. restore the data (check prior to restore)

http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

> Of course I am aware that an on-access scanner is the best solution
> but in my actual scenario the machines are already 'compromised' (they
> are configured to do on-access scanning, though) then it occur to me
> that doing a disinfection from a Linux machine over the LAN could be a
> good idea instead reformatting the machines,

It isn't.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

------------------------------------------------------------------------
----
ALERT: "How a Hacker Launches a SQL Injection Attack!" - White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CZW
l
------------------------------------------------------------------------
----

[ reply ]