Date:      Wed, 15 Sep 2004 08:58:42 -0400
From:      "Eric W. Bates" <ericx@vineyard.net>
To:        Pat Lashley <patl+freebsd@volant.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: To many dynamic rules created by infected machine
Message-ID:  <41483C82.8070108@vineyard.net>
In-Reply-To: <B7A193EBF32592C1BC9C6000@vanvoght.phoenix.volant.org>
References:  <41473DD3.7030007@vineyard.net> <41473EF6.8030201@elischer.org> <414793FF.3000008@vineyard.net> <B7A193EBF32592C1BC9C6000@vanvoght.phoenix.volant.org>

Pat Lashley wrote:
| --On Tuesday, September 14, 2004 20:59:43 -0400 "Eric W. Bates"
| <ericx_lists@vineyard.net> wrote:
|
|> It's a small store.  Folks with broken computers bring the
|> machines in because "It doesn't work". They usually don't
|> know what is wrong with any given machine; and they try to
|> be careful (remove the hard drive and attempt to clean it
|> first); but eventually there is a need to put the machine
|> on line and try to update Norton's virus list.
|
|
| Before bringing it on-line, why not mount the disk on a FreeBSD
| machine and run ClamAV over all the files?  It's not guaranteed
| to catch everything; but it should at least reduce the window.

They do something similar.  They mount it on a Windows machine and run
Norton.

The reality I'm trying to accommodate is that the staff will not always
be knowledgeable, and even if they follow procedure there will always be
a virus or spyware that gets thru.  Clearly this problem could have
easily been solved by simply unplugging the damaged machine from the wire.

| You could also consider setting it up so that the initial
| reconnection is on a separate cable going through a firewall
| that -only- allows the connections necessary to update the
| Norton virus list.  Once it is updated, unplug it from the
| network, run the virus check, and only then plug it into
| your main LAN.

That's a good idea.

|
| -Pat

--
Eric W. Bates
ericx@vineyard.net