samba - Oct 2001 - samba server an virus info

I'm in process of setting up a samba server on a SuSe linux machine. After 
this past round of nimda virus outbreak, im wondering if anyone out is 
running any virus software on you linux/unix machines that are serving up 
samba shares. I know that nimda spread to network shares from what im been 
reading an im wanting something that could stop this attach in its tracks 
before it infected the shares/files on the shares. I have nortons antivirus 
software running on all my desktops but just would be nice to have some 
peace of mind on the server side also.

thanks for any info you can pass on.


jack malone
Network Administrator
EAST TEXAS LIGHTHOUSE FOR THE BLIND
dba HORIZON INDUSTRIES
903-595-3444
http://www.horizonind.com

On Thu, 4 Oct 2001, Jack Malone wrote:
> I'm in process of setting up a samba server on a SuSe linux machine.
After
> this past round of nimda virus outbreak, im wondering if anyone out is
> running any virus software on you linux/unix machines that are serving up
> samba shares. I know that nimda spread to network shares from what im been
> reading an im wanting something that could stop this attach in its tracks
> before it infected the shares/files on the shares. I have nortons antivirus
> software running on all my desktops but just would be nice to have some
> peace of mind on the server side also.
Below is an email I saved from this list a few weeks ago.

As to virus software for Linux.  I use mcaffee's  You cann't buy it any
more
but the updates still work.

Other companies have antivirus producst for linux:
Try http://www.google.com/search?hl=en&q=Linux+antivirus+products
as a starting point.

---------- Forwarded message ----------
Hello,

SUGJ(Samba Users Group Japan) offers such information
  at http://www.samba.gr.jp/project/kb/J0/1/09.html

This is the English version of it,

Is it usefull?

-----
Steps againt Nimba Worm for Samba

Last Updated: 2001/09/22
Author: HASEGAWA Yohsuke
Translator: TAKAHASHI Motonobu

The information in this article applies to
    Samba 2.0.x
    Samba 2.2.x
    Windows 95/98/Me/NT/2000

SYMPTOMS
  This article has described the measure against Nimba Worm for Samba
  server.

DESCRIPTION
  Nimba Worm is infected through the shared disk on a network besides
  Microsoft IIS, Internet Explorer and mailer of Outlook series.

  At this time, the worm copies itself by the name *.nws and *.eml on
  the shared disk, moreover, by the name of Riched20.dll in the folder
  where *.doc file is included.

  To prevent infection through the shared disk offered by Samba, set
  up as follows:

-----
[global]
  ...
  veto files = /*.eml/*.nws/riched20.dll/
-----

  Setting up "veto files" parameter, the matched files on the Samba
  server are completely hidden from the clients and become impossible
  to access them at all.

  In addition to it, the following setting are also pointed out by the
  samba-jp:09448 thread: when the
  "readme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}" file exists on
  a Samba server, it is visible only with "readme.txt" and a dangerous
  code may be performed when this file is double-clicked.

  Setting the following,
-----
  veto files = /*.{*}/
-----
  no files having CLSID in its file extension can be accessed from any
  clients.

This technical article is created based on the discussion of
samba-jp:09448 and samba-jp:10900 threads.

-----
TAKAHASHI, Motonobu(monyo)         monyo@samba.gr.jp

Yours Tony.

/*
 * "The significant problems we face cannot be solved at the
 * same level of thinking we were at when we created them."
 * --Albert Einstein
 */

Just getting a samba server setup on suse linux here. In testing things out 
I opened up a couple excell files. One of the files pulls in info from the 
second file via links. when trying to save the file i get  not enough 
memory. then i hit the ok button on the popup box an i get a second error 
of not able to save external links.  Has anyone else experienced this 
problem with excel files. I have oplocks = True in smb.conf file.

thanks.