summaryrefslogtreecommitdiff
path: root/docs/README.Win32-Viruses
diff options
context:
space:
mode:
Diffstat (limited to 'docs/README.Win32-Viruses')
-rw-r--r--docs/README.Win32-Viruses56
1 files changed, 56 insertions, 0 deletions
diff --git a/docs/README.Win32-Viruses b/docs/README.Win32-Viruses
new file mode 100644
index 0000000000..f887486eaa
--- /dev/null
+++ b/docs/README.Win32-Viruses
@@ -0,0 +1,56 @@
+While this article is specific to the recent Nimda worm,
+the information can be applied to preventing the spread
+of many Win32 viruses. Thanks to the Samba Users Group of Japan
+(SUGJ) for this article.
+===============================================================================
+Steps againt Nimba Worm for Samba
+
+Author: HASEGAWA Yosuke
+Translator: TAKAHASHI Motonobu <monyo@samba.gr.jp>
+
+The information in this article applies to
+ Samba 2.0.x
+ Samba 2.2.x
+ Windows 95/98/Me/NT/2000
+
+SYMPTOMS
+ This article has described the measure against Nimba Worm for Samba
+ server.
+
+DESCRIPTION
+ Nimba Worm is infected through the shared disk on a network besides
+ Microsoft IIS, Internet Explorer and mailer of Outlook series.
+
+ At this time, the worm copies itself by the name *.nws and *.eml on
+ the shared disk, moreover, by the name of Riched20.dll in the folder
+ where *.doc file is included.
+
+ To prevent infection through the shared disk offered by Samba, set
+ up as follows:
+
+-----
+[global]
+ ...
+ veto files = /*.eml/*.nws/riched20.dll/
+-----
+
+ Setting up "veto files" parameter, the matched files on the Samba
+ server are completely hidden from the clients and become impossible
+ to access them at all.
+
+ In addition to it, the following setting are also pointed out by the
+ samba-jp:09448 thread: when the
+ "readme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}" file exists on
+ a Samba server, it is visible only with "readme.txt" and a dangerous
+ code may be performed when this file is double-clicked.
+
+ Setting the following,
+-----
+ veto files = /*.{*}/
+-----
+ no files having CLSID in its file extension can be accessed from any
+ clients.
+
+This technical article is created based on the discussion of
+samba-jp:09448 and samba-jp:10900 threads.
+