topic Re: Virus for OpenVMS in Operating System - OpenVMS

Virus for OpenVMS

Sentosa — Wed, 30 May 2007 04:19:30 GMT

Dear Sir/Madam,

Could anyone know that the virus in PC can attack OpenVMS's system & files?

If yes, any preventive method can apply for OpenVMS?

Thanks,
Sentosa

Re: Virus for OpenVMS

labadie_1 — Wed, 30 May 2007 04:35:27 GMT

A PC virus (like Iloveyou) is harmless to Vms.

If a Vms node has Pathworks/Advanced server/Samba, with PC files being backuped, it can be wise to run an Antivirus on such files (.doc, .xls ...). Sophos has such a tool, see

http://www.yuikee.com.hk/anti-virus/sophos/savvms.html

Re: Virus for OpenVMS

Jan van den Ende — Wed, 30 May 2007 04:35:59 GMT

Sentosa

>>>
Could anyone know that the virus in PC can attack OpenVMS's system
<<<
VERY definitely NO
>>>
& files?
<<<
If these files are on a (Pathworks, NFS, CIFS) share,: Yes, but then they can only hurt PCs accessing these shares. Same, if you have a Mac or Linux virus, it can only harm that specific platform.

See Hoffs blog on the subject:
http://64.223.189.234/node/322

>>>
If yes, any preventive method can apply for OpenVMS?
<<<
Sophos makes a virus scanner that runs on VMS and checks for other-platform virusses:
http://www.sophos.com/

hth

Proost.

Have one on me.

jpe

Re: Virus for OpenVMS

Ian Miller. — Wed, 30 May 2007 06:15:18 GMT

There has never been a virus for VMS in 30 years and it is unlikely there will ever be.

If you store files on VMS for softer operating systems like windows then those files can hold viruses.

To check for these then a tool like the Sophos product already mentioned or ClamAV (VMS port available at http://fafner.dyndns.org/~alexey/clamav/)

Re: Virus for OpenVMS

Heuser-Hofmann — Wed, 30 May 2007 10:22:48 GMT

Someone wrote a DECnet worm long time ago:
==========================================
Folder: ALEPH.GENERAL
Subject: The DECnet Worm (Virus)
From: ALWS::SYSTEM
Date: 17-OCT-1989 18:20:46, Expires: 20-OCT-1989 17:28:07

It has been found that the worm that attacked us yesterday
and this morning is fairly malicious. The worm copies the
rightslist of a remote system and attempts to break-in using
password=username. Once it has entered, it changes the password
and attempts to continue on to another system. If it obtains
access to an account with SYSPRV privilege, it does even more
damage.

Please check your accounts for any unfamiliar command file
(xxxx.COM). If you find such a file that was created recently,
send a message to SYSTEM immediately. We will occasionally
reconnect the ethernet where we will be vulnerable to the worm,
however, as long as users have passwords that are NOT their
username, we should be safe. Other access points, such as the
DECNET and FIELD accounts, will be modified.

Steps are being taken to eradicate the worm. CERN/DD has
decided that they will not close the lab to the outside world.
The victims (i.e., us) will have to close themselves off.
Unfortunately, we will have to remain this way until we get
further notice. Therefore reconnection of ethernet will only
be provided under supervision and for special circumstances only.
Contact us at 7360 for arrangements.

Hopefully this will be over soon!

Makoto
=============================================

Eberhard

Re: Virus for OpenVMS

Jan van den Boogaard — Wed, 30 May 2007 10:44:09 GMT

That worm was a long time ago, but I recall. It was a deliberate attack from a DEC employee in Northern Europe, but ppl got rather scared!!

Re: Virus for OpenVMS

Peter Zeiszler — Wed, 30 May 2007 10:59:12 GMT

Code red attacked port 135 which happens to be a default port for DCE. This could have produced a denial of service attack and would have affected only port 135 or DCE. HP patched DCE for that reason.

So a virus could have affected a VMS system but was not on the VMS system. This is more of a DoS on a VMS machine which could be carried out on any type of system using network.

Re: Virus for OpenVMS

Dean McGorrill — Wed, 30 May 2007 18:08:24 GMT

We had a couple of security holes come by
that I worked on in decnet, but we plugged
em up asap. I was unlucky enough to be around as a system manager for the breakin at dec by kevin mitnick & crew in the 80's.
My recollection is that it began with a
valid user/pwd combo. Other then getting hit
with a zillion connects, that could use up
resources, VMS is a wonderful OS!

Re: Virus for OpenVMS

Sentosa — Thu, 31 May 2007 20:29:39 GMT

thanks