ICANN/DNSO
DNSO Mailing lists archives

[ga-full]



RE: Re[2]: [ga] Reliability of the Internet - the silent battle - part 2


On Wed, 7 Nov 2001, Roeland Meyer wrote:

> |> From: William X Walsh [mailto:william@wxsoft.info]
> |> Sent: Wednesday, November 07, 2001 3:02 AM
> |> 
> |> Wednesday, Wednesday, November 07, 2001, 3:04:31 AM, Roeland Meyer wrote:
> 
> |> > My filters had already renamed it to the DAT type, which is a non-executable
> |> > type under windows, and I manually deleted the attachment from the message.
> |> > Apparently, that was unsuccessful. If Norton detected it then either NAV is
> |> > using external message data or I indeed failed to remove the attachment.
> |> 
> |> It must have used the external data, my copy that came from the list
> |> did not have the attachment.
> 
> Thanks William. This indicates a problem with NAV. It's not the first time
> that NAV has shown false-positives. Only binary scans of the actual
> attachment are valid. Basing detection on external data isn't. I'm glad to
> hear that my kill methods worked though, as I said, I won't be doing that
> again soon. I am saddened to hear that Norton Anti-Virus, any edition, may
> not be adequate.
> 

There was no virus - Peter said he was 'cleaning' his NT boxes. There is
no way to clean them - Period. You have to start all over preferably
repartitioning and then format/install.

Peter uses NAV corp, which doesn't effectively stop NIMDA (which is the
only thing out there right now that would cause him to stay up day and
night trying to 'clean' his NT Box).

The 'fixnimda' tool available from SARC doesn't shore up the root'ing of
your NT box - NIMDA is gone, but the leftovers of the root kit are just waiting
for the next NIMDA to compromise your box again.

Symantec and Carnegie Mellon say to completely re-install or suffer your
customers the consequences and they are right.

Gartner Group says stop using IIS.



> It does prove another point, however, that there is no magic bullet for
> these things. MHSC servers withstood Code Red and Nimda attacks, for two
> solid weeks, that were sufficiently severe to use 80% of our WAN bandwidth,
> 24x7x2. It was a PITA, but I let it run because the servers seemed to be
> holding up well. Good architecture and systems policies are the only real
> answer and that takes a knowledgeable hand at the tiller. A "magic" program,
> by itself, isn't going to save your servers. They have flaws too.
> 
> Now that I've left everyone with that comforting thought, g'night all.
> --
> This message was passed to you via the ga@dnso.org list.
> Send mail to majordomo@dnso.org to unsubscribe
> ("unsubscribe ga" in the body of the message).
> Archives at http://www.dnso.org/archives.html
> 

Bradley D. Thornton
Chief Technology Officer
The PacificRoot/Joint Technologies Ltd.
http://www.PacificRoot.com
http://www.JointTech.com



