You're talking about removing viruses though. I'm talking about preventing
them. Anybody can manually remove a virus from a Windows machine, it's
really easy. I can even remove W95.MTX (The Matrix) virus in 5 minutes.
I'm not sure of any network admin that wants to spend their time removing
viruses though. I think the easiest way to go about virus safety is just
make it more difficult to get a virus. Thus disabling scripting. Of course
many of Microsoft's auto updates are kind enough to enable it again. That's
why you use a program like Autoinstall to role out your updates. ;)
>From: "Magus Ba'al" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: RE: Anti Virus for Debian
>Date: Wed, 21 Feb 2001 09:32:28 -0700
>
>After ILOVEYOU first came out and AV vendors didn't have a fix for it, we
>had to figure out a way to quickly disable the virus. So I spent 5min
>finding the reg key and writing 2 scripts to make the default action Edit,
>instead of Open, and another in reverse, make the default action Open
>instead of Edit. I wouldn't suggest renaming wscript.exe, jscript.exe or
>csscript.exe, as Critical Updates, Repairing, or Upgrading IE will just put
>those files back in place. The javascripts are attached, take a peek and
>see
>if they fit the bill. If not, at least you still have the option to quickly
>disable VBS scripting :)
>
>
>
>
>-----Original Message-----
>From: Daniel Stark [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, February 21, 2001 9:12 AM
>To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>Subject: Re: Anti Virus for Debian
>
>
>Speaking of Windows and *.vbs attacks. What you should really do is
>disable
>the scripting host on all of your Windows machines. For those of you who
>don't know, you can just rename "wscript.exe" "jscript.exe" and
>"cscript.exe". There's a good chance you'll only have one of them.
>
>
> >From: Bradley M Alexander <[EMAIL PROTECTED]>
> >To: Mario Zuppini <[EMAIL PROTECTED]>
> >CC: Matthew Sherborne <[EMAIL PROTECTED]>,
> >[EMAIL PROTECTED]
> >Subject: Re: Anti Virus for Debian
> >Date: Mon, 19 Feb 2001 23:35:01 -0500
> >
> >On Tue, Feb 20, 2001 at 01:59:20PM +1000, Mario Zuppini wrote:
> > > I would also like to know of virus scanners especially for mail
>servers
> >ie
> > > sendmail
> > > that will work on a SPARC ???
> > >
> > > there are a few that work under i386 ie like amavris etc can be found
>on
> > > freshmeat.net
> > > but nothing will work under a sparc
> >
> >As a quick and dirty option, you can use procmail to filter. Depending on
> >your security posture and thread environment, you can filter on
> >multi-extension vbs files (e.g. AnnaKournikova.jpg.vbs), all VBS files,
>exe
> >files, or any combination. You could filter them to a quarantine area,
>then
> >peruse them at your leisure.
> >
> >You should combine this with turning off auto execute of attachments on
>all
> >of your windows boxen.
> >
> >--
> >--Brad
> >===========================================================================
>=
> >Bradley M. Alexander, CISSP | Co-Chairman,
> >Beowulf System Admin/Security Specialist | NoVALUG/DCLUG Security SIG
> >Winstar Telecom | [EMAIL PROTECTED]
> >(703) 889-1049 | [EMAIL PROTECTED]
> >===========================================================================
>=
> >Those who trade liberty for security have neither.
> >
> >
> >--
> >To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> >with a subject of "unsubscribe". Trouble? Contact
> >[EMAIL PROTECTED]
> >
>
>_________________________________________________________________
>Get your FREE download of MSN Explorer at http://explorer.msn.com
>
>
>--
>To UNSUBSCRIBE, email to [EMAIL PROTECTED]
>with a subject of "unsubscribe". Trouble? Contact
>[EMAIL PROTECTED]
>
><< VBSscripts.zip >>
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
