[lug] Someone on this list likely has a windows virus
D. Stimits
stimits at idcomm.com
Mon Apr 29 18:41:53 MDT 2002
Stephen Queen wrote:
>
> I have samba set up as the domain master, and the user profiles for the
> windows machines are stored on it. That was definitely the Klez virus that
> was emailed to my wife today. It is not clear to me if I should delete
> those profiles stored on the linux machine and start over or not. What is
> other peoples opinons regarding this?
> Thanks,
> Steve Queen
No idea myself. I would guess though that any virus that uses MS
services and weaknesses *can* make samba vulnerable, under some
circumstances. Depending on whether it is a protocol/design error, or an
implementation problem. Let's say it is a buffer overflow, but someone
less careless than MS implemented the same functionality but used sanity
checking of buffer sizes, then samba would not be vulnerable. But if it
is related to a service and that service stores and runs scripts, and it
is not a buffer overflow but a
script-allowed-to-do-anything-if-specs-are-followed, then your samba
stuff is probably doing just what it was told to do: be a virus
condominium. Perhaps samba can have a MS style virus scanner added?
Don't know.
D. Stimits, stimits at idcomm.com
More information about the LUG
mailing list