From: "Magus Ba'al" <magusbaal@digitalbastards.net>
To: <debian-security@lists.debian.org>
Subject: RE: Anti Virus for Debian
Date: Wed, 21 Feb 2001 09:32:28 -0700
After ILOVEYOU first came out and AV vendors didn't have a fix for it, we
had to figure out a way to quickly disable the virus. So I spent 5min
finding the reg key and writing 2 scripts to make the default action Edit,
instead of Open, and another in reverse, make the default action Open
instead of Edit. I wouldn't suggest renaming wscript.exe, jscript.exe or
csscript.exe, as Critical Updates, Repairing, or Upgrading IE will just put
those files back in place. The javascripts are attached, take a peek and
see
if they fit the bill. If not, at least you still have the option to quickly
disable VBS scripting :)
-----Original Message-----
From: Daniel Stark [mailto:symresource@hotmail.com]
Sent: Wednesday, February 21, 2001 9:12 AM
To: storm@tux.org; tribune@cybersol.com.au
Cc: Matthews@softtech.co.nz; debian-security@lists.debian.org
Subject: Re: Anti Virus for Debian
Speaking of Windows and *.vbs attacks. What you should really do is
disable
the scripting host on all of your Windows machines. For those of you who
don't know, you can just rename "wscript.exe" "jscript.exe" and
"cscript.exe". There's a good chance you'll only have one of them.
>From: Bradley M Alexander <storm@tux.org>
>To: Mario Zuppini <tribune@cybersol.com.au>
>CC: Matthew Sherborne <Matthews@softtech.co.nz>,
>debian-security@lists.debian.org
>Subject: Re: Anti Virus for Debian
>Date: Mon, 19 Feb 2001 23:35:01 -0500
>
>On Tue, Feb 20, 2001 at 01:59:20PM +1000, Mario Zuppini wrote:
> > I would also like to know of virus scanners especially for mail
servers
>ie
> > sendmail
> > that will work on a SPARC ???
> >
> > there are a few that work under i386 ie like amavris etc can be found
on
> > freshmeat.net
> > but nothing will work under a sparc
>
>As a quick and dirty option, you can use procmail to filter. Depending on
>your security posture and thread environment, you can filter on
>multi-extension vbs files (e.g. AnnaKournikova.jpg.vbs), all VBS files,
exe
>files, or any combination. You could filter them to a quarantine area,
then
>peruse them at your leisure.
>
>You should combine this with turning off auto execute of attachments on
all
>of your windows boxen.
>
>--
>--Brad
>===========================================================================
=
>Bradley M. Alexander, CISSP | Co-Chairman,
>Beowulf System Admin/Security Specialist | NoVALUG/DCLUG Security SIG
>Winstar Telecom | balexander@winstar.com
>(703) 889-1049 | storm@tux.org
>===========================================================================
=
>Those who trade liberty for security have neither.
>
>
>--
>To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact
>listmaster@lists.debian.org
>
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
<< VBSscripts.zip >>