Date: Wed, 20 May 1998 17:18:37 -0700
From: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>
To: Emmanuel Gravel <egravel@elr346.ateng.az.honeywell.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Virus on FreeBSD
Message-ID: <199805210018.RAA04596@passer.osg.gov.bc.ca>
In-Reply-To: Your message of "Wed, 20 May 1998 13:17:11 PDT." <3562D7D7.65F60C0@elr346.ateng.az.honeywell.com>

> Stunt Pope wrote:
> > On 20-May-98 Emmanuel Gravel wrote:
> > > I haven't heard of a virus made for a Unix-like OS before, but I'm
> > > wondering if this can be an issue with FreeBSD (or Linux for that
> > > matter). I'm saying this since they both run on the most common
> > > platform there is today, the PC. I know most virii were written for
> > > DOS-like OS's, but it's my impression that the common point between
> > > both machines is the hardware.
> > >
> > > Can anyone either clear this for me, or point me in the right direction
> > > for some info?
> > >
> >
> > Checkout the Bugtraq archives, and search on "linux virus", there was
> > one released last summer or so, mainly as an exercise IIRC. Can't
> > remember the name of it though.
> >
> > (http://www.geek-girl.com/bugtraq/)
> >
> > -mark
>
> Thanks for all the info. Now for a second question. Since there is an
> antivirus made by McAfee for Linux, Solaris, HP-UX, AIX (and one or two
> more Unix OS's) is there anything similar made for FreeBSD? What can
> one download/purchase to prevent:
>
> 1- Arrival/infection of the system from any virus that would target
>    FreeBSD?
> 2- Presence of virii for any other OS in any file on the system?
>
> Thanks for your help!

Sorry for getting into this late... another day of meetings.

The Linux virus was not a virus in the truest sense. What it did was to
move the original binary to some other directory and replace it with
itself, which in turn would do what virus-like programs like to do and
finally exec(2) the original program. If you want to characterize this
in any way, it would probably be closer to a trojan horse than a virus,
though that's more an issue of semantics.

The best way to detect such a beast on a UNIX system would probably be
with tripwire or some other application that maintains signatures of
various files on your system.

>
> Emmanuel Gravel
> egravel@elr346.ateng.az.honeywell.com


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Open Systems Group          Internet:  cschuber@uumail.gov.bc.ca
ITSD                                   Cy.Schubert@gems8.gov.bc.ca
Government of BC
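
The signature-based detection suggested in the message above, as an added example that is not part of the original e-mail and is not Tripwire's code: it baselines SHA-256 digests of a directory tree, then reports files whose content changed and new files that are byte-identical to what a changed file used to contain, which is the trace a move-aside-and-replace leaves. The function names and the `bin/ls` and `tmp/.ls` paths are hypothetical, and the file contents are constructed.

```python
import hashlib
import os
import tempfile

def digest(path):
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map each regular file under root (path relative to root) to its digest."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                snap[os.path.relpath(path, root)] = digest(path)
    return snap

def compare(baseline, current):
    """Return changed paths, missing paths, and (original, new_path) pairs where
    a new file is byte-identical to what a changed or missing file contained."""
    changed = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in current)
    old = {baseline[p]: p for p in changed + missing}
    relocated = sorted((old[d], p) for p, d in current.items()
                       if p not in baseline and d in old)
    return {"changed": changed, "missing": missing, "relocated": relocated}

def demo():
    """Constructed scenario: bin/ls is moved aside and another file takes its name."""
    with tempfile.TemporaryDirectory() as top:
        os.makedirs(os.path.join(top, "bin"))
        os.makedirs(os.path.join(top, "tmp"))
        ls = os.path.join(top, "bin", "ls")
        with open(ls, "wb") as f:
            f.write(b"constructed stand-in for the original binary\n")
        baseline = snapshot(top)
        os.rename(ls, os.path.join(top, "tmp", ".ls"))
        with open(ls, "wb") as f:
            f.write(b"constructed stand-in for the replacement\n")
        return compare(baseline, snapshot(top))

if __name__ == "__main__":
    print(demo())
```

In real use the baseline has to be stored where the monitored system cannot rewrite it (read-only or offline media), otherwise a replaced binary can be re-baselined along with everything else.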