If its a samba share and its world-writeable, Windows viruses will happily do whatever damage they would normally do to a local drive or Windows share. If this is a problem, then you really should have anti-virus software running on all the machines, otherwise you're just inviting a disaster... Matt Message: 10 Date: Tue, 25 Sep 2001 19:32:17 -0400 From: Joel Hammer <Joel@HammersHome.com> To: samba@lists.samba.org, linux-users@linux.nf Subject: Windows viruses hitting linux via network shares Yet another virus is on us. This one comes via windows and when executed will erase your hard drive, or whatever. I have a home network with windows clients on it. So far, nobody has done the unthinkable, but they might some day. I have all the boxes hooked together with a samba network. Seems to work OK. I have all the clients as guest = ftp. This means that they couldn't write to most of my directories (or erase them) but there are plenty of files and probably some directories which are world writeable and erasable. So, question is, if one of these malicious viruses executed on a windows client, how much damage would one expect to the world writable directories and files on my linux boxes (Forget the windows boxes. I would gladly tell my windows users it was a shame.) While I await the answer, I am going to change all my shares to read only. On second thought, using the magic of samba, I'll let the linux boxes have write privileges. Joel
I have had this happen to me. At the company I was working for at the time, a secretary opened vbs.Loveletter on her computer. It destroyed files on her PC as well as files on all drives mapped from samba shares. We had to recover several Unix servers from tape. -- Needless to say, she had several long discussions with us that day. This occurred when loveletter 1st came out and before the DATs where available. It was most-definitely not a lot of fun. Ernie -----Original Message----- From: Matt Claridge [mailto:matt.claridge@breconbeacons.org] Sent: Thursday, September 27, 2001 3:41 AM To: samba@lists.samba.org Subject: re: Windows viruses hitting linux..... If its a samba share and its world-writeable, Windows viruses will happily do whatever damage they would normally do to a local drive or Windows share. If this is a problem, then you really should have anti-virus software running on all the machines, otherwise you're just inviting a disaster... Matt Message: 10 Date: Tue, 25 Sep 2001 19:32:17 -0400 From: Joel Hammer <Joel@HammersHome.com> To: samba@lists.samba.org, linux-users@linux.nf Subject: Windows viruses hitting linux via network shares Yet another virus is on us. This one comes via windows and when executed will erase your hard drive, or whatever. I have a home network with windows clients on it. So far, nobody has done the unthinkable, but they might some day. I have all the boxes hooked together with a samba network. Seems to work OK. I have all the clients as guest = ftp. This means that they couldn't write to most of my directories (or erase them) but there are plenty of files and probably some directories which are world writeable and erasable. So, question is, if one of these malicious viruses executed on a windows client, how much damage would one expect to the world writable directories and files on my linux boxes (Forget the windows boxes. I would gladly tell my windows users it was a shame.) While I await the answer, I am going to change all my shares to read only. On second thought, using the magic of samba, I'll let the linux boxes have write privileges. Joel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Joel, Most viruses destroy data by simply changing the contents of existing files or replacing them with copies of the virus file. Since computer viruses utilize such a wide variety of methods to inflict their damage, it's doubtful that you would implement a method to stop them at this level. I suppose you could construct something that would watch for any file extension being changed or appended by .jbs or some other call sign. It's tough to control this through file permissions since the virus will conduct it's business in the security context of the Windows user. My best advice would be to run a good AntiVirus program on the Windows desktops and a STRONG AntiVirus package such as Trend's ScanMail on your mail servers. Ernie -----Original Message----- From: Joel Hammer [mailto:Joel@HammersHome.com] Sent: Thursday, September 27, 2001 1:08 PM To: samba@lists.samba.org Subject: Re: Windows viruses hitting linux..... I guess my question is: What commands are issued by the viruses to do their damage (erasing files)? Is is possible with samba to disallow certain types of commands, say commands with wildcards that erase files? Or, in a more general sense, could samba limit what clients can do in terms of copying and writing files in such a way that viruses couldn't do much harm but users wouldn't be inconvenienced? Joel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Samba can "veto" files, so one can arrange to veto the specific files a given virus tries to save/update. For example, "hello.exe" for a recent example. Of course, infecting c:\windows\command.com isn't going to do much to Samba either, so you might say it has a degree of immunity already (;-)) --dave -- David Collier-Brown, | Always do right. This will gratify Americas Customer Engineering, | some people and astonish the rest. SunPS Integration Services. | -- Mark Twain (905) 415-2849 | davecb@canada.sun.com