HPE Community
Operating System - OpenVMS
1828189 Members
2169 Online
109975 Solutions
New Discussion

Virus for OpenVMS

 
Sentosa
Frequent Advisor

‎05-29-2007 09:19 PM

‎05-29-2007 09:19 PM

Virus for OpenVMS

Dear Sir/Madam,

Could anyone know that the virus in PC can attack OpenVMS's system & files?

If yes, any preventive method can apply for OpenVMS?

Thanks,
Sentosa
0 Kudos
8 REPLIES 8
labadie_1
Honored Contributor

‎05-29-2007 09:35 PM

‎05-29-2007 09:35 PM

Re: Virus for OpenVMS

A PC virus (like Iloveyou) is harmless to Vms.

If a Vms node has Pathworks/Advanced server/Samba, with PC files being backuped, it can be wise to run an Antivirus on such files (.doc, .xls ...). Sophos has such a tool, see

http://www.yuikee.com.hk/anti-virus/sophos/savvms.html


0 Kudos
Jan van den Ende
Honored Contributor

‎05-29-2007 09:35 PM

‎05-29-2007 09:35 PM

Re: Virus for OpenVMS

Sentosa

>>>
Could anyone know that the virus in PC can attack OpenVMS's system
<<<
VERY definitely NO
>>>
& files?
<<<
If these files are on a (Pathworks, NFS, CIFS) share,: Yes, but then they can only hurt PCs accessing these shares. Same, if you have a Mac or Linux virus, it can only harm that specific platform.

See Hoffs blog on the subject:
http://64.223.189.234/node/322

>>>
If yes, any preventive method can apply for OpenVMS?
<<<
Sophos makes a virus scanner that runs on VMS and checks for other-platform virusses:
http://www.sophos.com/

hth

Proost.

Have one on me.

jpe

Don't rust yours pelled jacker to fine doll missed aches.
0 Kudos
Ian Miller.
Honored Contributor

‎05-29-2007 11:15 PM

‎05-29-2007 11:15 PM

Re: Virus for OpenVMS

There has never been a virus for VMS in 30 years and it is unlikely there will ever be.

If you store files on VMS for softer operating systems like windows then those files can hold viruses.

To check for these then a tool like the Sophos product already mentioned or ClamAV (VMS port available at http://fafner.dyndns.org/~alexey/clamav/)

____________________
Purely Personal Opinion
0 Kudos
Heuser-Hofmann
Frequent Advisor

‎05-30-2007 03:22 AM

‎05-30-2007 03:22 AM

Re: Virus for OpenVMS

Someone wrote a DECnet worm long time ago:
==========================================
Folder: ALEPH.GENERAL
Subject: The DECnet Worm (Virus)
From: ALWS::SYSTEM
Date: 17-OCT-1989 18:20:46, Expires: 20-OCT-1989 17:28:07

It has been found that the worm that attacked us yesterday
and this morning is fairly malicious. The worm copies the
rightslist of a remote system and attempts to break-in using
password=username. Once it has entered, it changes the password
and attempts to continue on to another system. If it obtains
access to an account with SYSPRV privilege, it does even more
damage.

Please check your accounts for any unfamiliar command file
(xxxx.COM). If you find such a file that was created recently,
send a message to SYSTEM immediately. We will occasionally
reconnect the ethernet where we will be vulnerable to the worm,
however, as long as users have passwords that are NOT their
username, we should be safe. Other access points, such as the
DECNET and FIELD accounts, will be modified.

Steps are being taken to eradicate the worm. CERN/DD has
decided that they will not close the lab to the outside world.
The victims (i.e., us) will have to close themselves off.
Unfortunately, we will have to remain this way until we get
further notice. Therefore reconnection of ethernet will only
be provided under supervision and for special circumstances only.
Contact us at 7360 for arrangements.

Hopefully this will be over soon!

Makoto
=============================================

Eberhard
0 Kudos
Jan van den Boogaard
Frequent Advisor

‎05-30-2007 03:44 AM

‎05-30-2007 03:44 AM

Re: Virus for OpenVMS

That worm was a long time ago, but I recall. It was a deliberate attack from a DEC employee in Northern Europe, but ppl got rather scared!!
0 Kudos
Peter Zeiszler
Trusted Contributor

‎05-30-2007 03:59 AM

‎05-30-2007 03:59 AM

Re: Virus for OpenVMS

Code red attacked port 135 which happens to be a default port for DCE. This could have produced a denial of service attack and would have affected only port 135 or DCE. HP patched DCE for that reason.

So a virus could have affected a VMS system but was not on the VMS system. This is more of a DoS on a VMS machine which could be carried out on any type of system using network.
0 Kudos
Dean McGorrill
Valued Contributor

‎05-30-2007 11:08 AM

‎05-30-2007 11:08 AM

Re: Virus for OpenVMS

We had a couple of security holes come by
that I worked on in decnet, but we plugged
em up asap. I was unlucky enough to be around as a system manager for the breakin at dec by kevin mitnick & crew in the 80's.
My recollection is that it began with a
valid user/pwd combo. Other then getting hit
with a zillion connects, that could use up
resources, VMS is a wonderful OS!
0 Kudos
Sentosa
Frequent Advisor

‎05-31-2007 01:29 PM

‎05-31-2007 01:29 PM

Re: Virus for OpenVMS

thanks
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.