-----Original Message-----
From: Ivan Aleman [mailto:bonovoxmofo@gmail.com]
Sent: Thursday, 16 November 2006 1:59 AM
2006/11/14, Quark IT - Hilton Travis <Hilton@quarkit.com.au>:
Hi Ivan,
There simply is no OSS AV product capable of doing what you are
wanting to achieve. Besides, running scheduled scans is far, far from
an effective way to stop viruses and other malware - you are orders of
magnitude better off by running an on-access scanner that scans in
realtime to stop infections happening, not trying to clean up after an
infection has occurred.
Hello Hilton,
Indeed my intention is not to run the AV from Linux on an special
schedule, my intention is to disinfect one machine (or two maybe :) )
due that they are already infected, and the AV installed on them is
not doing the job. Of course I am aware that an on-access scanner is
the best solution but in my actual scenario the machines are already
'compromised' (they are configured to do on-access scanning, though)
then it occur to me that doing a disinfection from a Linux machine
over the LAN could be a good idea instead reformatting the machines,
that's what I started this thread and yes is not a good idea in the
sense that it is not very straight forward and even in a 1Gbit LAN is
going to be slow, of course what you mention in another mail about
that using smbfs and ClamAV will possible not scan all the files due
to locks and etc. but still this can work in some cases, it is just
another tool/method against these kind of problems.
Thank you for sharing your thoughts.
--
Iván Alemán
Albeit not a very effective use of your time, effort and resources.
The BEST move is to flatten and rebuild the infected machines since BitDefender
seems to be unable to do its job properly and stop infections occurring. Then
to replace the underperforming AV with something effective. The longer you
leave these machines on your network, the more of a disservice you are giving
to its users and your employer.
Trying to do what you are looking at will not bring the results that you are
looking for. You need to bite the bullet and do what's necessary and not try
to save a dollar or two here when the system is already in a compromised state.
--
Regards,
Hilton Travis Phone: +61 (0)7 3344 3889
(Brisbane, Australia) Phone: +61 (0)419 792 394
Manager, Quark IT http://www.quarkit.com.au
Quark AudioVisual http://www.quarkav.net
War doesn't determine who is right. War determines who is left.
This document and any attachments are for the intended recipient
only. It may contain confidential, privileged or copyright
material which must not be disclosed or distributed.
Quark Group Pty. Ltd.
T/A Quark Automation, Quark AudioVisual, Quark IT
----------------------------------------------------------------------------
ALERT: "How a Hacker Launches a SQL Injection Attack!" - White Paper
It's as simple as placing additional SQL commands into a Web Form input box
giving hackers complete access to all your backend systems!
https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CZWl
----------------------------------------------------------------------------
