author | Gerald Carter <jerry@samba.org> | 2001-12-06 07:37:58 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2001-12-06 07:37:58 +0000 |
commit | e4840f0db911eaf3aee1195030c6efca70d78f14 (patch) | |
tree | 118d89347f96394e4db9a8cb8b1a260d35a8930b /docs/README.Win32-Viruses | |
parent | f68a08f1f96a669e940fa52edfe6f8d7d3305cac (diff) | |
merge from 2.2
(This used to be commit c5ee06b7c8fc9f1fec679acc7d7f47f333707456)
Diffstat (limited to 'docs/README.Win32-Viruses')
-rw-r--r-- | docs/README.Win32-Viruses | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/docs/README.Win32-Viruses b/docs/README.Win32-Viruses new file mode 100644 index 0000000000..f887486eaa --- /dev/null +++ b/docs/README.Win32-Viruses @@ -0,0 +1,56 @@ +While this article is specific to the recent Nimda worm, +the information can be applied to preventing the spread +of many Win32 viruses. Thanks to the Samba Users Group of Japan +(SUGJ) for this article. +=============================================================================== +Steps againt Nimba Worm for Samba + +Author: HASEGAWA Yosuke +Translator: TAKAHASHI Motonobu <monyo@samba.gr.jp> + +The information in this article applies to + Samba 2.0.x + Samba 2.2.x + Windows 95/98/Me/NT/2000 + +SYMPTOMS + This article has described the measure against Nimba Worm for Samba + server. + +DESCRIPTION + Nimba Worm is infected through the shared disk on a network besides + Microsoft IIS, Internet Explorer and mailer of Outlook series. + + At this time, the worm copies itself by the name *.nws and *.eml on + the shared disk, moreover, by the name of Riched20.dll in the folder + where *.doc file is included. + + To prevent infection through the shared disk offered by Samba, set + up as follows: + +----- +[global] + ... + veto files = /*.eml/*.nws/riched20.dll/ +----- + + Setting up "veto files" parameter, the matched files on the Samba + server are completely hidden from the clients and become impossible + to access them at all. + + In addition to it, the following setting are also pointed out by the + samba-jp:09448 thread: when the + "readme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}" file exists on + a Samba server, it is visible only with "readme.txt" and a dangerous + code may be performed when this file is double-clicked. + + Setting the following, +----- + veto files = /*.{*}/ +----- + no files having CLSID in its file extension can be accessed from any + clients. + +This technical article is created based on the discussion of +samba-jp:09448 and samba-jp:10900 threads. + |
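Review bot: the DESCRIPTION section gives two separate "veto files" assignments (the *.eml/*.nws/riched20.dll list, then /*.{*}/) without saying they have to be merged, and in smb.conf a later assignment of the same parameter in a section replaces the earlier one, so a reader who pastes both lines ends up with only the CLSID pattern and loses the Nimda-specific entries. Suggest showing a single combined line, `veto files = /*.eml/*.nws/riched20.dll/*.{*}/`, and placing the second example under a section header as the first one is under [global]. Two documentation points in the same file: the article body spells the worm "Nimba" (title, SYMPTOMS, DESCRIPTION) while the introductory paragraph says "Nimda", and the title reads "againt" for "against"; a reader searching the docs for the worm's name will miss the article. The text also writes "Riched20.dll" in the description but "riched20.dll" in the pattern, so it is worth a sentence saying whether the match depends on the share's case-sensitivity setting.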