
RE: Anti Virus for Debian

After ILOVEYOU first came out and AV vendors didn't have a fix for it, we
had to figure out a way to quickly disable the virus. So I spent 5 min
finding the reg key and writing 2 scripts to make the default action Edit,
instead of Open, and another in reverse, make the default action Open
instead of Edit. I wouldn't suggest renaming wscript.exe, jscript.exe or
cscript.exe, as Critical Updates, Repairing, or Upgrading IE will just put
those files back in place. The JavaScripts are attached; take a peek and see
if they fit the bill. If not, at least you still have the option to quickly
disable VBS scripting :)

-----Original Message-----
From: Daniel Stark [mailto:symresource@hotmail.com]
Sent: Wednesday, February 21, 2001 9:12 AM
To: storm@tux.org; tribune@cybersol.com.au
Cc: Matthews@softtech.co.nz; debian-security@lists.debian.org
Subject: Re: Anti Virus for Debian

Speaking of Windows and *.vbs attacks.  What you should really do is disable
the scripting host on all of your Windows machines.  For those of you who
don't know, you can just rename "wscript.exe" "jscript.exe" and
"cscript.exe".  There's a good chance you'll only have one of them.

>From: Bradley M Alexander <storm@tux.org>
>To: Mario Zuppini <tribune@cybersol.com.au>
>CC: Matthew Sherborne <Matthews@softtech.co.nz>,
>Subject: Re: Anti Virus for Debian
>Date: Mon, 19 Feb 2001 23:35:01 -0500
>On Tue, Feb 20, 2001 at 01:59:20PM +1000, Mario Zuppini wrote:
> > I would also like to know of virus scanners especially for mail servers
> > sendmail
> > that will work on a SPARC ???
> >
> > there are a few that work under i386 ie like amavis etc can be found on
> > freshmeat.net
> > but nothing will work under a sparc
>As a quick and dirty option, you can use procmail to filter. Depending on
>your security posture and threat environment, you can filter on
>multi-extension vbs files (e.g. AnnaKournikova.jpg.vbs), all VBS files, exe
>files, or any combination. You could filter them to a quarantine area, then
>peruse them at your leisure.
>You should combine this with turning off auto execute of attachments on all
>of your windows boxen.
>Bradley M. Alexander, CISSP              |   Co-Chairman,
>Beowulf System Admin/Security Specialist |    NoVALUG/DCLUG Security SIG
>Winstar Telecom                          |   balexander@winstar.com
>(703) 889-1049                           |   storm@tux.org
>Those who trade liberty for security have neither.
>To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact


Attachment: VBS scripts.zip
Description: Zip compressed data
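
The attachment-name filtering suggested in the quoted procmail message, shown here as an added example that is not part of the thread: a Python check a mail delivery filter could call to decide whether a message goes to a quarantine area. It uses Python's `email` parser instead of a procmail recipe; the function names, policy flags and the sample message are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extension sets for the options named in the thread (hypothetical names).
SCRIPT_EXTS = {".vbs"}
EXECUTABLE_EXTS = {".exe"}

def classify_filename(name, block_all_vbs=True, block_exe=True):
    """Return a quarantine reason for an attachment name, or None to deliver."""
    # Windows ignores trailing dots and spaces, so "x.vbs. " still runs as .vbs.
    cleaned = name.strip().rstrip(". ").lower()
    parts = cleaned.split(".")
    if len(parts) < 2:
        return None  # no extension at all
    ext = "." + parts[-1]
    if ext in SCRIPT_EXTS:
        if len(parts) > 2:
            return "multi-extension vbs"  # e.g. AnnaKournikova.jpg.vbs
        if block_all_vbs:
            return "vbs"
    if ext in EXECUTABLE_EXTS and block_exe:
        return "exe"
    return None

def quarantine_reasons(raw_bytes, **opts):
    """Parse a raw message and list (filename, reason) for every flagged part."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():  # walks nested multiparts and forwarded messages
        name = part.get_filename()  # decodes RFC 2231 / encoded-word names
        if name:
            reason = classify_filename(name, **opts)
            if reason:
                hits.append((name, reason))
    return hits

def build_sample(filename):
    """Constructed test message with one attachment carrying placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fn in ("AnnaKournikova.jpg.vbs", "notes.vbs", "setup.exe", "photo.jpg"):
        print(fn, "->", quarantine_reasons(build_sample(fn)) or "deliver")
```

Messages for which `quarantine_reasons` returns a non-empty list would be routed to the quarantine mailbox for later review; the rest are delivered normally.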
