Speaking of Windows and *.vbs attacks. What you should really do is disable
the scripting host on all of your Windows machines. For those of you who
don't know, you can just rename "wscript.exe" "jscript.exe" and
"cscript.exe". There's a good chance you'll only have one of them.
From: Bradley M Alexander <[EMAIL PROTECTED]>
To: Mario Zuppini <[EMAIL PROTECTED]>
CC: Matthew Sherborne <[EMAIL PROTECTED]>,
[email protected]
Subject: Re: Anti Virus for Debian
Date: Mon, 19 Feb 2001 23:35:01 -0500
On Tue, Feb 20, 2001 at 01:59:20PM +1000, Mario Zuppini wrote:
> I would also like to know of virus scanners especially for mail servers
ie
> sendmail
> that will work on a SPARC ???
>
> there are a few that work under i386 ie like amavris etc can be found on
> freshmeat.net
> but nothing will work under a sparc
As a quick and dirty option, you can use procmail to filter. Depending on
your security posture and thread environment, you can filter on
multi-extension vbs files (e.g. AnnaKournikova.jpg.vbs), all VBS files, exe
files, or any combination. You could filter them to a quarantine area, then
peruse them at your leisure.
You should combine this with turning off auto execute of attachments on all
of your windows boxen.
--
--Brad
============================================================================
Bradley M. Alexander, CISSP | Co-Chairman,
Beowulf System Admin/Security Specialist | NoVALUG/DCLUG Security SIG
Winstar Telecom | [EMAIL PROTECTED]
(703) 889-1049 | [EMAIL PROTECTED]
============================================================================
Those who trade liberty for security have neither.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
