Hi Matt,
That's a good part of what I was wondering and what I asked earlier.
Anyone who kept infected machines on a network I was responsible for would be
looking for employment and probably quite unwilling to have future employers
ask me for a reference.
Regards,
Hilton Travis
War doesn't determine who is right. War determines who is left.
Quark Group Pty Ltd T/A Quark Automation, Quark AudioVisual, Quark IT
-=-=-=-=-=-=-=-=
From: Kofron, Matt [mailto:Matt.Kofron@AGEDWARDS.com]
Sent: Thursday, 16 November 2006 5:37 PM
To: Ivan Aleman; Quark IT - Hilton Travis
Cc: focus-virus@securityfocus.com
Subject: RE: How to - Scan a Windows machine for virus from a Linux machine
If you have known infected workstations, why are they still on the LAN?
________________________________________
From: Ivan Aleman [mailto:bonovoxmofo@gmail.com]
Sent: Wed 11/15/2006 9:25 AM
To: Quark IT - Hilton Travis
Cc: focus-virus@securityfocus.com
Subject: Re: How to - Scan a Windows machine for virus from a Linux machine
2006/11/14, Quark IT - Hilton Travis <Hilton@quarkit.com.au>:
Hi Ivan,
There simply is no OSS AV product capable of doing what you are wanting to
achieve. Besides, running scheduled scans is far, far from an effective way
to stop viruses and other malware - you are orders of magnitude better off by
running an on-access scanner that scans in realtime to stop infections
happening, not trying to clean up after an infection has occurred.
Hello Hilton,
Indeed my intention is not to run the AV from Linux on an special
schedule, my intention is to disinfect one machine (or two maybe :) )
due that they are already infected, and the AV installed on them is
not doing the job. Of course I am aware that an on-access scanner is
the best solution but in my actual scenario the machines are already
'compromised' (they are configured to do on-access scanning, though)
then it occur to me that doing a disinfection from a Linux machine
over the LAN could be a good idea instead reformatting the machines,
that's what I started this thread and yes is not a good idea in the
sense that it is not very straight forward and even in a 1Gbit LAN is
going to be slow, of course what you mention in another mail about
that using smbfs and ClamAV will possible not scan all the files due
to locks and etc. but still this can work in some cases, it is just
another tool/method against these kind of problems.
Thank you for sharing your thoughts.
--
Iván Alemán
----------------------------------------------------------------------------
ALERT: "How a Hacker Launches a SQL Injection Attack!" - White Paper
It's as simple as placing additional SQL commands into a Web Form input box
giving hackers complete access to all your backend systems!
https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CZWl
----------------------------------------------------------------------------
