search for: drweb

...ct. Sender = samba@samba.org (may be forged) Recipients = mailer-daemon@inetforce.com.ua Subject = MAIL TRANSACTION FAILED Message-ID = i0RDVRlh033718 Antivirus filter report: --- Dr.Web report --- Following virus(es) has been found: infected with Win32.HLLM.MyDoom.32768 Dr.Web detailed report: drweb.tmp.jCX8OM - archive MAIL drweb.tmp.jCX8OM/[text:plain] - Ok drweb.tmp.jCX8OM/document.exe infected with Win32.HLLM.MyDoom.32768 Dr.Web scanning statistic: Infected : 1 --- Dr.Web report --- The original message was stored in archive record named: drweb.quarantine.Y9Bm8O In order to receive th...

...fected object. Sender = samba@samba.org (may be forged) Recipients = blizz@rtf-15.ntu-kpi.kiev.ua Subject = something for you Message-ID = i1OK4sac009347 Antivirus filter report: --- Dr.Web report --- Following virus(es) has been found: infected with Win32.HLLM.Foo.41984 Dr.Web detailed report: drweb.tmp.RT50zH - archive MAIL drweb.tmp.RT50zH/[text:plain] - Ok drweb.tmp.RT50zH/msg.doc.pif infected with Win32.HLLM.Foo.41984 Dr.Web scanning statistic: Infected : 1 --- Dr.Web report --- The original message was stored in archive record named: drweb.quarantine.SqXmaN In order to receive the or...

...ains an infected object. Sender = samba@samba.org (may be forged) Recipients = vladislav.smirnov@yabloko.ru Subject = Hurts Message-ID = [unknown-id] Antivirus filter report: --- Dr.Web report --- Following virus(es) has been found: infected with Win32.HLLM.Netsky.17920 Dr.Web detailed report: drweb.tmp.tB3Syz/[text/plain] - Ok drweb.tmp.tB3Syz/hurts.pif infected with Win32.HLLM.Netsky.17920 Dr.Web scanning statistic: Infected : 1 --- Dr.Web report --- The original message was stored in archive record named: file was not created In order to receive the original message, please send reques...

...ound: infected with Win32.HLLM.MyDoom.32768 Dr.Web detailed report: ns.stu.neva.ru:1332/[text/plain] - Ok ns.stu.neva.ru:1332/message.zip infected with Win32.HLLM.MyDoom.32768 Dr.Web scanning statistic: Infected : 1 --- Dr.Web report --- The original message was stored in archive record named: drweb.quarantine.T0fO52 In order to receive the original message, please send request to <postmaster@stu.neva.ru>, referring to the archive record name given above. --- Antivirus service provided by Dr.Web(R) Daemon for Unix (http://www.drweb.ru, http://www.dials.ru/english) -------------...

Hello All, What could mean the following in maillog: Apr 5 23:17:40 drweb sm-mta[87118]: h35JHb15087090: Fixed MIME Content-Type header field (possible attack) Is it something to worry about? -- Nikolaj I. Potanin, SA http://www.drweb.ru ID Anti-Virus Lab (SalD Ltd) nikolaj@drweb.ru St. Petersburg, Russia...

Hello, This is not a Samba question itself, but it's somewhat related to Samba. I am planning to replace the two Windows 2000 Server servers in a client company with two Samba PDCs with LDAP backend. Currently, those W2K servers hold the Active Directory and the the antivirus management console. And this is the only nuisance we are finding when moving from Windows Server to Samba PDC. If

I have Samba PDC and use tdbsam backend. I use the version 3.0.11, but recently I have exchanged it for the version 3.0.23c. Now I have a number of problem. Here is one of then. I wish to move one user "gad" from Domain Users (RID 513) to Domain Guests (RID 514). Now Primary group of user "gad" is "Domain Users": pdbedit -Lv gad -d0 Unix username: gad NT

...85:482:Zabbix Agent Daemon:/var/lib/zabbix:/bin/false privoxy:x:484:481:Daemon user for privoxy:/var/lib/privoxy:/bin/false vscan:x:65:480:Vscan account:/var/spool/amavis:/bin/false lightdm:x:483:478:LightDM daemon:/var/lib/lightdm:/bin/false kdm:x:482:477:KDM Display Manager daemon:/var:/bin/false drweb:x:100:1000:Dr.Web system account:/var/opt/drweb.com:/bin/false asurkov:x:11114:100::/home/asurkov:/bin/bash administrator:*:4294967295:4294967295:Administrator:/home/Administrator:/bin/bash xviewsion:*:4294967295:4294967295:xviewsion:/home/xviewsion:/bin/sh videoadm:*:4294967295:4294967295:videoadm...

Hi, I spotted today following line at my FreeBSD 4.6.2-RELEASE IPFIREWALL log: Jul 1 13:34:35 fbsd /kernel: ipfw: 1400 Accept TCP xxxxxx:22 yyyyy:22 in via ed1 where xxxxxx is the attacker's IP and yyyyy is my box. But in sshd log, there are no traces left behind by this connection. Normally, there is "Did not receive identification string from xxx" etc, when somebody tries to

...d: > Today's Topics: > > 1. Fixed MIME Content-Type header field (Nikolaj I. Potanin) > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 6 Apr 2003 12:59:31 +0400 > From: "Nikolaj I. Potanin" <nikolaj@drweb.ru> > Subject: Fixed MIME Content-Type header field > To: freebsd-security@freebsd.org > Hello All, > What could mean the following in maillog: > Apr 5 23:17:40 drweb sm-mta[87118]: h35JHb15087090: Fixed MIME > Content-Type header field (possible attack) > Is it somethin...

...05352: from=<nb@sindbad.ru>, size=1737, class=0, nrcpts=1, msgid=<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAfp4Fa2ShPE2u4pP/QpPDIMKAAAAQAAAAj+zb4Isbuk+tYEPVF9Vf, proto=ESMTP, daemon=MTA, relay=wg.pu.ru [193.124.85.219] -- Nikolaj I. Potanin, SA http://www.drweb.ru ID Anti-Virus Lab (SalD Ltd) nikolaj@drweb.ru St. Petersburg, Russia ph.: +7-812-3888624

...in/false >> privoxy:x:484:481:Daemon user for privoxy:/var/lib/privoxy:/bin/false >> vscan:x:65:480:Vscan account:/var/spool/amavis:/bin/false >> lightdm:x:483:478:LightDM daemon:/var/lib/lightdm:/bin/false >> kdm:x:482:477:KDM Display Manager daemon:/var:/bin/false >> drweb:x:100:1000:Dr.Web system account:/var/opt/drweb.com:/bin/false >> asurkov:x:11114:100::/home/asurkov:/bin/bash >> >> administrator:*:4294967295:4294967295:Administrator:/home/Administrator:/bin/bash >> xviewsion:*:4294967295:4294967295:xviewsion:/home/xviewsion:/bin/sh >&...

...n:/var/lib/zabbix:/bin/false > privoxy:x:484:481:Daemon user for privoxy:/var/lib/privoxy:/bin/false > vscan:x:65:480:Vscan account:/var/spool/amavis:/bin/false > lightdm:x:483:478:LightDM daemon:/var/lib/lightdm:/bin/false > kdm:x:482:477:KDM Display Manager daemon:/var:/bin/false > drweb:x:100:1000:Dr.Web system account:/var/opt/drweb.com:/bin/false > asurkov:x:11114:100::/home/asurkov:/bin/bash > administrator:*:4294967295:4294967295:Administrator:/home/Administrator:/bin/bash > xviewsion:*:4294967295:4294967295:xviewsion:/home/xviewsion:/bin/sh > videoadm:*:4294967295...

Any chance of this being implemented in fbsd? Could be usefull ;-) ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt -- :{ andyf@speednet.com.au Andy Farkas System Administrator Speednet Communications http://www.speednet.com.au/

...var/lib/privoxy:/bin/false > vscan:x:65:480:Vscan account:/var/spool/amavis:/bin/false > lightdm:x:483:478:LightDM > daemon:/var/lib/lightdm:/bin/false > kdm:x:482:477:KDM Display Manager daemon:/var:/bin/false > drweb:x:100:1000:Dr.Web system > account:/var/opt/drweb.com:/bin/false > asurkov:x:11114:100::/home/asurkov:/bin/bash > administrator:*:4294967295:4294967295:Administrator:/home/Administrator:/bin/bash > xviewsion:*:4294967295:4294967295:xviewsi...

...:ASP, Parser3, PHP. * Development: CVS, cvsup. * Networking: mpd, nmap, tcpdump, mrtg, isc-dhcp. * Mail: procmail, maildrop, qmail, postfix, sendmail, avcheck, sqwebmail, courier-imap, mailman, cyrus-imap. * Security: sudo, gnupg, cistron-radiusd, freeradius, tac_plus, drweb. * Databases: DBI, postgresql, mysql, msql. * News: binkd, inn, ifmail, gup. DNS: isc-bind, djbdns. * Communications: mgetty, jabberd. ... and many, many others. Employment history: * March 1998 - present: Senior system/network administrator of VolgaLink ISP. FreeBS...

I have Samba 3.0.23d. My log level is 5. Every day in each user's log I see this records: [2006/12/18 16:39:39, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) what does it mean?

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fabio Muzzi wrote: > Hello drweb, > > Saturday, November 25, 2006, 4:32:17 PM, you wrote: > > > d> By command: > d> pdbedit -r gad -G 514 -d0 > d> I cann't change primary group. > > > I was looking through the list archives and found your post. I have > the same issue. Any sol...

Hello! I found at my "smbd.log" many record, like this: [2007/03/14 18:15:00, 0] lib/util.c:close_low_fds(668) Didn't get file descriptor 0 What this means?

..., PostgreSQL. * Software: Routing: route, zebra. WWW: Apache with php with MySQL with SSL, squid. Networking: mpd, nmap, tcpdump, mrtg, isc-dhcp. Mail postfix, exim, pop3d, courier-imap ; Multi domain mail system, users account stored in MySQL. Security: sudo, drweb. Databases: DBI, postgresql, mysql, msql. DNS: isc-bind, isc-bind with MySQL (dlz-driver - zone store in MySQL) and etc. All software was build using source codes. PROFESSIONAL EXPERIENCE: May 2001 - present Title: Senior Unix system administrator Company: ISP &qu...