On Fri, 2008-04-11 at 13:18 +0300, Antti J. Huhtala wrote:
> On Thu, 2008-04-10 at 21:50 -0400, max wrote:
> > Edwin Tan wrote:
> > > hi Subhodip,
> > > Please check below link for antivirus program download for linux.
> > >
> > > http://www.avast.com/eng/download-avast-for-linux-edition.html
> > >
> > > thanks.
> > >
> >
> > Running virus scans is a waste of time. If you believe it's compromised
> > wipe the drive and flash the bios. I don't mean just format and install
> > either. Write zeros (maybe more than once) to the hard drive. Make sure
> > the MBR does not survive. Do not back up anything! If you have something
> > that you absolutely cannot do without, I don't mean MP3's either, then
> > back that up to a cd and label it clearly and scan only that, more than
> > once with multiple antivirus scanners, rootkit scanners, use windows and
> > Linux antivirus scanners and rootkit hunters. If these are something for
> > which you have a checksum then make sure that it matches the original no
> > matter what or shred it. Yes I mean physically shred or otherwise
> > destroy the cd. If the files fail a single test, consider them
> > tainted and destroy them. Flash the bios because there are viruses that
> > will compromise the BIOS, these will be cross platform, they will affect
> > any machine with any OS. Make sure that any external drives that have
> > ever come into contact with the infected machine get the same treatment.
> > Wipe it completely clean!
> >
> > Max
> >
> A spot of overkill, perhaps?
>
> In my modest experience my Linux box has been compromised three (3)
> times that I know of. The first was an RH 6.2 box, and my present box
> has been invaded twice, first during the FC6 era and then soon after my
> F8 installation last December.
> Each and every time the invader came in through ssh. Against my better
> judgement in installing F8 I allowed ssh to remain a "secure service" as
> suggested by the F8 installer. Well, it proved not to be.
>
> There seem to be some "sportsmen" out there who just can't resist the
> temptation of an open ssh port. Now, if I plan to use ssh to connect to
> my box from a remote location, I'm going to have iptables rules to allow
> ssh only from known addresses. Not very flexible, perhaps, but I don't
> want to allow these sportsmen in again.
>
> In each case, just wiping the installation clean and reinstalling with
> ssh port closed seems to have done the trick.
>
> My 2 c.

I'm not sure anyone's pointed this out as yet (not from what I've read
though), but the very fact there's a window$ box on the network is a
risk in itself. Window$ may be Window$, and *nix *nix, but because
window$ is not as secure it is possible to use this to gain a foothold
and attack the *nix machine from the relative comfort of an armchair...
Given the monstrous number of attacks and exploits for M$ products it is
really a risk which can't be ignored. I'd be adjusting all possible
settings NOT to trust the M$ box - only if it can't be removed from the
scene altogether. And that's not just a hate/revenge thing.
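
The approach mentioned in the quoted message above, iptables rules that allow ssh only from known addresses, could look like the following. This is an added example, not code from anyone in this thread; the chain name SSH_ALLOW, the log prefix and the sample addresses (RFC 5737 documentation ranges) are assumptions.

```sh
#!/bin/sh
# Added example. SSH_ALLOW is a hypothetical chain name; the addresses in the
# call at the bottom are constructed (RFC 5737 documentation ranges).

# valid_ipv4 ADDR[/PREFIX]: succeeds only for a well-formed IPv4 address or CIDR.
valid_ipv4() {
    addr=${1%%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # Only digits and dots from here on, so the unquoted split cannot glob.
    case $addr in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# ssh_allowlist_rules PORT ADDR...: prints the iptables commands, applies nothing.
ssh_allowlist_rules() {
    port=${1:-}
    [ $# -gt 0 ] && shift
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ $# -gt 0 ] || { echo "no source addresses given" >&2; return 1; }
    # Validate everything first so a typo never yields a partial rule set.
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "bad address: $src" >&2; return 1; }
    done
    echo "iptables -N SSH_ALLOW"
    for src in "$@"; do
        echo "iptables -A SSH_ALLOW -s $src -j ACCEPT"
    done
    # Everything else: log at a limited rate, then drop.
    echo "iptables -A SSH_ALLOW -m limit --limit 6/min -j LOG --log-prefix 'ssh-denied: '"
    echo "iptables -A SSH_ALLOW -j DROP"
    # Hook the chain into INPUT last, once it is complete.
    echo "iptables -I INPUT -p tcp --dport $port -j SSH_ALLOW"
}

ssh_allowlist_rules 22 192.0.2.10 198.51.100.0/24
```

Review the printed commands before running them as root, and keep an existing session open until a new connection from an allowed address has succeeded.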