[Gloucs] I-WORM/Opas.A - FIREWALLS

Mark gloucs at mailman.lug.org.uk
Thu Jan 2 10:09:01 2003 

On 1 Jan 2003, Guy Edwards wrote:

> On Wed, 2003-01-01 at 20:12, Mark wrote:
> > *ahem* *cough* Network Associates->McAfee do a top notch virus scanner
> > for windows (enquire within).
> >
> > right now i've said that, there are plenty of free ones out there (suggest
> > look @ Guys links)
>
> Go on, tell. How does the McAfee one work in practice? I heard it
> mentioned before elsewhere but I thought I'd wait to see if anyone on
> the list was using it and was going to come forward. It's a cron timed
> scanner isn't it rather than an on-demand? I've not heard very much.

Using what I know of the product as a base.


Well, as you can set the crond to run pretty much anything on a reglar
basis it is certainly an easy method of running a virus scanner, so for
example having it run over night (normally due to high processor usage
requirements). however it is possible to run a proactive (any of you
having used McAfee or Norton's virus scanners may well have seen the
"on-demand" virus scanning facilities that are included with those
products (may have also found that your computer can just about use
notepad when either one of the two get going..they do hog system resources
(but thats windows eh!))

virus scanners can be added to the cron tab, however I actually have it
running constantly on my laptop..128megs of ram, and also on an identical
system that operates as a web/mailserver and it really isnt
affected by the scanning.


If you wanted to check a directory every time the user, say used "ls" on a
system you could write a "new" ls that also includes calling the binary
in the background,with appropriate arguements and scanning, then going back to
sleep.


>
> > Ok, sorry Guy i wont turn into an advertisement.
>
> Nah plug it :-) Might as well tell what your company does. Is your

Not my company...just a minor share holder.

> website down by the way? Trying security-foundation.net (or www.) I get
> redirected to http://uk.finance.yahoo.com/

I wont go into the details, however it involves a small amount of money,
some forensic disk images and a few late nights. However if all is well it
should be redirecting to www.securityfocus.com within the next dew days.

>
> Guy>
>

Mark

>
> _______________________________________________
> gloucs mailing list
> gloucs@mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/gloucs
>