Harlan Carvey wrote:
> Gadi, > > For the sake of the list, would you be willing to > share the answer you received?
Begin quote>>> ST wrote: --------- It relatively easy if the virus is detectable remotely i.e. it has a component listening on a port. A simple nmap scan followed by a remote connect and run of the disinfection tool will work. I prefer this approach over using the directory service as it catches all active machines, irrespective of whether they are in the directory or not.
Another approach is to use a login script that runs the disinfection util automatically, subsequent logins do not run the script. I used the absence of a file in a directory to indicate that the util had to be run, run the script and then *IF* successful, create the flag file.
A combo of these methods will rapidly and effectivly catch most of the infected machines and remove them. -----
Gadi.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
