From e4840f0db911eaf3aee1195030c6efca70d78f14 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 6 Dec 2001 07:37:58 +0000 Subject: merge from 2.2 (This used to be commit c5ee06b7c8fc9f1fec679acc7d7f47f333707456) --- docs/README.Win32-Viruses | 56 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 docs/README.Win32-Viruses (limited to 'docs/README.Win32-Viruses') diff --git a/docs/README.Win32-Viruses b/docs/README.Win32-Viruses new file mode 100644 index 0000000000..f887486eaa --- /dev/null +++ b/docs/README.Win32-Viruses @@ -0,0 +1,56 @@ +While this article is specific to the recent Nimda worm, +the information can be applied to preventing the spread +of many Win32 viruses. Thanks to the Samba Users Group of Japan +(SUGJ) for this article. +=============================================================================== +Steps againt Nimba Worm for Samba + +Author: HASEGAWA Yosuke +Translator: TAKAHASHI Motonobu + +The information in this article applies to + Samba 2.0.x + Samba 2.2.x + Windows 95/98/Me/NT/2000 + +SYMPTOMS + This article has described the measure against Nimba Worm for Samba + server. + +DESCRIPTION + Nimba Worm is infected through the shared disk on a network besides + Microsoft IIS, Internet Explorer and mailer of Outlook series. + + At this time, the worm copies itself by the name *.nws and *.eml on + the shared disk, moreover, by the name of Riched20.dll in the folder + where *.doc file is included. + + To prevent infection through the shared disk offered by Samba, set + up as follows: + +----- +[global] + ... + veto files = /*.eml/*.nws/riched20.dll/ +----- + + Setting up "veto files" parameter, the matched files on the Samba + server are completely hidden from the clients and become impossible + to access them at all. + + In addition to it, the following setting are also pointed out by the + samba-jp:09448 thread: when the + "readme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}" file exists on + a Samba server, it is visible only with "readme.txt" and a dangerous + code may be performed when this file is double-clicked. + + Setting the following, +----- + veto files = /*.{*}/ +----- + no files having CLSID in its file extension can be accessed from any + clients. + +This technical article is created based on the discussion of +samba-jp:09448 and samba-jp:10900 threads. + -- cgit