- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Virus infection found in HPUX samba shares
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-05-2009 04:54 AM
тАО08-05-2009 04:54 AM
We are using HPUX 11.00 and some directories are being shared thru samba.
Recently the Risk "W32.Topion.B" infected Desktop (winxp), due to that some windows share and Unix share (samba) have been affected.
The infection is it will create the two files "Autorun.inf" and "fun.xls.exe" in parent directory of share folder and it will create the file .exe for all the folders available in shares.
For example:
we are having one HPUX share "\\10.0.0.198\ite\" (samba share name).
This share has following folders.
soft
hard
production
manufacturing
After infection the share "\\10.0.0.198\ite\" contain following files and folders.
Autorun.inf
fun.xls.exe
soft
soft.exe
hard
hard.exe
production
production.exe
manufacturing
manufacturing.exe
I need some solution for my below qutions:
1) How to creat a script to send mail automatically immediately after geting infected like above?
2)or how ot monitor samba share in symantec for the finding the infections automatically.
And control the infections.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-05-2009 05:00 AM
тАО08-05-2009 05:00 AM
SolutionHow did you find out that you were infected? Whatever process discovered the infection is the process that need to be scripted. You could also set up a cron jab that would search the samba shared using the find command (find /samba/share -name *.exe -o -name *.inf) but that's pretty crude.
>> 2)or how ot monitor samba share in symantec for the finding the infections automatically.
Since this is a HP-UX forum and, as far as I know, Symantec does not offer its AV software for HP-UX, I would think you would have to ask Symantec that one.
Pete
Pete
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-05-2009 05:28 AM
тАО08-05-2009 05:28 AM
Re: Virus infection found in HPUX samba shares
You need to start as to how the virus got on the PC in the first place.
You need to ensure that virus protection is being done regularly and being pushed out to all your Windows servers/PC's on a timely basis.
And you to ensure that the staff understands they should not be downloading things to their work PC, nor putting suspect CD's, USB devices, or any attachments from email.
Pro-active is the only way!
Kindest regards,
Rita
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-05-2009 05:31 AM
тАО08-05-2009 05:31 AM
Re: Virus infection found in HPUX samba shares
the virus noted came from the Windows side of the operation. you need to set up your antivirus *there* and set it up so it can "see" the shared drive and "fix" it.
1) Anything you come up with internally that looks for those files will only "catch" that specific virus.
2) This is usually done by placing the AV software on any PC that accesses the share.
And in today's world, basically every PC that is connected in any way to any network should have AV software installed and operating. There are just too many different ways to get a virus, such as e-mail, downloaded files, another pc on the network gets infected and so on.
basically this ISNT an Unix problem, its a Windows issue, and thats where it needs to be addressed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-05-2009 06:12 AM
тАО08-05-2009 06:12 AM
Re: Virus infection found in HPUX samba shares
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-05-2009 06:41 AM
тАО08-05-2009 06:41 AM
Re: Virus infection found in HPUX samba shares
Keep in mind that the hp-ux server just stores every file that comes from your PCs - regardless what it is.
As long as the PCs are infected they will try to distribute the worm (this is the nature of that worms).
http://www.symantec.com/security_response/writeup.jsp?docid=2009-071102-4352-99&tabid=2
Hope this helps!
Regards
Torsten.
__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!
If you feel this was helpful please click the KUDOS! thumb below!