From ad0e01e75059bedde6400529f1a5193ef9735e9b Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 25 Oct 2002 15:15:32 +0000 Subject: sync from HEAD (This used to be commit 2eb7f0acd761a11bb0f24010347247074c5ed49a) --- docs/README.Win32-Viruses | 57 ----------------------------------------------- 1 file changed, 57 deletions(-) delete mode 100644 docs/README.Win32-Viruses (limited to 'docs/README.Win32-Viruses') diff --git a/docs/README.Win32-Viruses b/docs/README.Win32-Viruses deleted file mode 100644 index 4646da83cf..0000000000 --- a/docs/README.Win32-Viruses +++ /dev/null @@ -1,57 +0,0 @@ -While this article is specific to the Nimda worm, -the information can be applied to preventing the spread -of many Win32 viruses. Thanks to the Samba Users Group of Japan -(SUGJ) for this article. -=============================================================================== -Steps against Nimba Worm for Samba - -Author: HASEGAWA Yosuke -Translator: TAKAHASHI Motonobu - -The information in this article applies to - Samba 2.0.x - Samba 2.2.x - Windows 95/98/Me/NT/2000 - -SYMPTOMS - This article describes measures against Nimba Worm for Samba - server. - -DESCRIPTION - Nimba Worm is infected through shared disks on a network, as well as through - Microsoft IIS, Internet Explorer and mailer of Outlook series. - - At this time, the worm copies itself by the name *.nws and *.eml on - the shared disk, moreover, by the name of Riched20.dll in the folder - where *.doc file is included. - - To prevent infection through the shared disk offered by Samba, set - up as follows: - ------ -[global] - ... - # This can break Administration installations of Office2k. - # in that case, don't veto the riched20.dll - veto files = /*.eml/*.nws/riched20.dll/ ------ - - By setting the "veto files" parameter, matched files on the Samba - server are completely hidden from the clients and making it impossible - to access them at all. - - In addition to it, the following setting is also pointed out by the - samba-jp:09448 thread: when the - "readme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}" file exists on - a Samba server, it is visible only as "readme.txt" and dangerous - code may be executed if this file is double-clicked. - - Setting the following, ------ - veto files = /*.{*}/ ------ - any files having CLSID in its file extension will be inaccessible from any - clients. - -This technical article is created based on the discussion of -samba-jp:09448 and samba-jp:10900 threads. -- cgit