
Conference iosg::all-in-1

Title: ALL-IN-1 (tm) Support Conference
Notice: Please spell ALL-IN-1 correctly - all CAPITALS!
Moderator: IOSG::PYECE
Created: Fri Jul 01 1994
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 2716
Total number of notes: 12169

1709.0. "Word viruses and OA$SHARExxx: Sender & Fetcher to scan for viruses" by VARDAF::BERBIGIER () Mon Feb 05 1996 17:19

T.R      Title                                                User                 Personal Name                             Date                   Lines
1709.2   More on Word viruses                                 VARDAF::BERBIGIER                                              Mon Feb 05 1996 17:28  17
1709.3                                                        IOSG::PYE            Graham - ALL-IN-1 Sorcerer's Apprentice   Tue Feb 06 1996 12:41  8
1709.4   time and money !                                     VARDAF::BERBIGIER                                              Tue Feb 06 1996 13:51  36
1709.5   How many licenses ... Better to think now !!!        VARDAF::BERBIGIER                                              Fri Feb 09 1996 14:47  32
1709.6                                                        IOSG::MAURICE        Like a tea tray in the sky                Fri Feb 09 1996 17:03  21
1709.7   Cost effective cleaning ?                            VARDAF::BERBIGIER                                              Fri Feb 09 1996 18:09  44
1709.8   Don't even allow the mail on the system              AIMTEC::ZANIEWSKI_D  Why would CSC specialists need training?  Fri Feb 09 1996 21:32  7
1709.9   May not want to notify                               JULIET::WRIGHT_KE    Perform a R*A*S*K Today!                  Mon Feb 12 1996 04:31  11
1709.10  80/20 rule vs. paranoia                              VARDAF::BERBIGIER                                              Mon Feb 12 1996 16:54  32
1709.11  Information on Zmumble.xxx files                     RDGENG::GRIFFITHSR                                             Mon Feb 12 1996 17:48  22
1709.12  Usable for a very small number of infections but...  VARDAF::BERBIGIER                                              Mon Feb 12 1996 18:07  85
1709.13                                                       IOSG::PYE            Graham - ALL-IN-1 Sorcerer's Apprentice   Mon Feb 12 1996 18:09  13
1709.14  Already fixed                                        RDGENG::GRIFFITHSR                                             Mon Feb 12 1996 18:30  13
1709.15  Why not do it the easy way?                          IOSG::MARSHALL                                                 Mon Feb 12 1996 21:29  27
1709.16  Agree, just provide appropriate hooks                VARDAF::BERBIGIER                                              Tue Feb 13 1996 10:58  26
1709.17  727 of those little ... virus found on one cluster   CHEFS::MORRISONG                                               Wed Feb 14 1996 14:18  9
1709.18  Request for quotation !                              VARDAF::BERBIGIER                                              Thu Feb 22 1996 10:51  18
1709.19  See Note 5.1                                         IOSG::PYE            Graham - ALL-IN-1 Sorcerer's Apprentice   Thu Feb 22 1996 11:20  4
1709.20                                                       IOSG::CHAPLIN        Andy Chaplin                              Sat Feb 24 1996 03:01  25
1709.21. "VSWEEP" by EINE::ANDERSON (Still Alive) Fri Jan 31 1997 01:38, 7 lines
    SWEEP from Sophos now has a VMS version VSWEEP that can be run against
    PC files on VMS disks to detect viruses and the latest version even
    claims to be able to disinfect them (although it does not seem to do a
    great job). 
    
    Regards
    Keith
1709.22. "" by SNOFS1::JOYCEJENNY (Still crazy after all these years) Wed Feb 19 1997 07:34, 21 lines
    .6 talks about using VSWEEP to scan for Viruses
    
    According to the VSWEEP documentation I have just got a copy of, the
    files to be scanned must be "under PATHWORKS File Services or Disk
    Services"
    
    How have people who've been using VSWEEP on ALL-IN-1 systems been
    setting it up?  I don't know much about Pathworks (though we have
    people here who do when I need them), but do I need a file service or a
    disk service?  Doesn't Pathworks put ACLs all over the place?  Does
    this interfere with the ACLs that are already on ALL-IN-1 drawers?
    
    If VSWEEP runs from DCL, why does it need Pathworks?  In fact, I can't
    see why it won't do the VMS scan on a machine without Pathworks from my
    quick scan of the manual.
    
    Has anyone had any problems or successes with VSWEEP on an ALL-IN-1
    system?
    
    Jenny
    
1709.23. "See .11" by IOSG::BURTON (IOSG - SEI CMM level 3) Wed Feb 19 1997 11:34, 1 line
    
1709.24. "You asked for experiences" by SHRMSG::HOWARD (Ben) Wed Feb 19 1997 20:30, 22 lines
    I'm running VSWEEP on a few ALL-IN-1 systems.  It finds a lot of files,
    but I'm not sure how much disinfecting it really does.  The number of
    CONCEPT viruses has dwindled a lot, but now we have a lot of LAROUX
    viruses.  I can't tell if many of the CONCEPT documents were deleted
    because I don't have the old reports. The big problem is that if you
    find a document with a virus and VSWEEP doesn't clean it up (there's a
    parameter to disinfect which I just leave on all the time), then you
    have to do it from the PC via PATHWORKS.  So you find 20 viruses in 20
    different shared areas.  Do you map each drive as a PATHWORKS drive and
    then scan it?  Knowing what user owns it doesn't help you there.  What
    I have been doing is to copy the file to my VMS directory and clean
    it from there.  I use F-MACROW to clean it, but F-MACROW sometimes
    doesn't agree that there is a virus.  This gets a bit tedious. Also,
    F-MACROW doesn't like 9-character filenames; you can scan a file with
    an NT-style name, such as "THISWEE~.DOC", but ZMUMBLEZZ.DOC is
    invisible.  
    
    People really should be running XLSCAN or MVTOOL/SCANPROT.DOT on their
    system to prevent macro viruses.  You still have to invoke one of these
    with mail messages, but at least there is something you can do.
    
    Ben
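
The 8.3 filename limitation described in the reply above, worked through as an added example that is not part of the original thread or of any tool it mentions. It assumes an infected-file list with one VMS file specification per line and an NT-style `~N` alias scheme; the function names and sample paths are constructed for illustration.

```python
import re

# VMS file specification: device:[directory]name.type;version
FILESPEC = re.compile(
    r"^(?:(?P<dev>[A-Za-z0-9_$]+):)?(?:\[(?P<dir>[^\]]*)\])?"
    r"(?P<name>[^.;\[\]:]*)(?:\.(?P<type>[^.;]*))?(?:;(?P<ver>-?\d*))?$"
)

def parse_filespec(spec):
    """Split a VMS file specification into its fields."""
    m = FILESPEC.match(spec.strip())
    if m is None or not m.group("name"):
        raise ValueError(f"not a VMS file specification: {spec!r}")
    return m.groupdict()

def fits_8_3(name, ftype):
    """True if a DOS-based cleaner can address the file by this name."""
    return 1 <= len(name) <= 8 and len(ftype or "") <= 3

def short_alias(name, ftype, taken):
    """Pick an unused 8.3 alias such as ZMUMBL~1.DOC (assumed scheme)."""
    for n in range(1, 100):
        suffix = f"~{n}"
        alias = f"{name[:8 - len(suffix)]}{suffix}.{(ftype or '')[:3]}"
        if alias not in taken:
            taken.add(alias)
            return alias
    raise RuntimeError(f"no free 8.3 alias for {name}")

def plan_cleanup(infected_specs):
    """Map each infected file to the name to copy it under for cleaning."""
    taken, plan = set(), []
    for spec in infected_specs:
        f = parse_filespec(spec)
        alias = f"{f['name']}.{f['type'] or ''}"
        if not fits_8_3(f["name"], f["type"]) or alias in taken:
            # Too long for DOS, or clashes with a file from another area
            alias = short_alias(f["name"], f["type"], taken)
        else:
            taken.add(alias)
        plan.append((spec, alias))
    return plan

# Constructed sample list; device and directory names are placeholders
SAMPLE = [
    "DISK$OA1:[OA$SHARE01]ZMUMBLEZZ.DOC;1",
    "DISK$OA1:[OA$SHARE02]THISWEE~.DOC;3",
    "DISK$OA1:[OA$SHARE02]ZMUMBLEZY.DOC;1",
    "DISK$OA2:[OA$SHARE17]BUDGET.XLS;2",
    "DISK$OA2:[OA$SHARE18]BUDGET.XLS;1",
]
for spec, alias in plan_cleanup(SAMPLE):
    print(f"{spec:40} -> {alias}")
```

Keeping the original file specification next to each alias lets the cleaned copy be returned to the shared area it came from.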
1709.25. "" by SNOFS1::JOYCEJENNY (Still crazy after all these years) Thu Feb 20 1997 02:10, 9 lines
    re .23
    
    Could you give me a pointer to any information about XLSCAN or
    MVTOOL/SCANPROT.DOT - what they are, how they work etc.
    
    re .22
    
    Identifying who "owns" the file doesn't help me disinfect it - if I
    tell the owner it's their responsibility nothing will be done about it.
1709.26. "" by SNOFS1::JOYCEJENNY (Still crazy after all these years) Thu Feb 20 1997 03:32, 5 lines
    re .24
    you mention a parameter to tell VSWEEP to disinfect documents - which
    parameter is that?  (I can't find it in the documentation I have.)
    
    Jenny
1709.27. "/DI" by VELI::KORKKO () Thu Feb 20 1997 22:08, 48 lines
        $ vsweep :== $dev$manager:[vsweep]vsweep_axp
        $ vsweep
        
        and it will output:
        
The VSWEEP command format is:

    $ VSWEEP {qualifiers} VMS_filespec{qualifiers}{,VMS_filespec{qualifiers}...}

where 'VMS_filespec' specifies PATHWORKS file services.
All normal VMS wildcard characters and logical names can be used, e.g.

    $ VSWEEP $DISK1:[SYS0.PCSAV40...]%.EXE

will sweep files %.EXE;* in $DISK1:[SYS0.PCSAV40] and all subdirectories.

The optional command line qualifiers are:

/AD    AUTODEFAULT MODE: ignores name.type;version in VMS_filespecs,
       sweeps *.COM;*,*.EXE;*,*.OV%,*.SYS;* in specified VMS directories,
       or (*.COM,*.EXE,*.OV?,*.SYS) in *.DSK;* if /DS is specified
/AL    in autodefault mode, sweep *.*;* (not just *.COM;* etc.)
/CC{=f} generate checksum values for clean files
       and add to temporary file "f" (default = INTERCHECK_COMMS_DIR:IC.WRK)
/DA    in autodefault mode, check *.* within each virtual disk
/DI    disinfect infected items
/DL    list all files checked within each DOS virtual disk
/DS{=(DOS_filespec{,DOS_filespec...})}  DISK SERVICE MODE
       process VMS_filespec as virtual DOS disks, sweeping only specified DOS
       files within each virtual disk (default = *.* unless /AD is specified)
/FF    treat fixed-length sequential as an expected record format
/FI    do not warn of unexpected record formats
/FO    do not sweep files with unexpected record formats
/IL    ignore files locked by other processes
/NC    replace concealed device names with physical device names
/NS    list all files as they are checked
/OUT{=f} write reports to file "f" (default = SWEEP.LOG)
/QU    quick sweeping
/RW    attempt to sweep files already opened for writing
/SC    sweep compressed files
/VF{=f}  list VMS names of infected files to file "f" (default = SWEEP.VIR)

%CLI-F-INSFPRM, missing command parameters - supply all required parameters

        according to which /DI is it.
        
        _veli
        
1709.28. "You missed my lunchtime class on this :-)" by SHRMSG::HOWARD (Ben) Fri Feb 21 1997 00:12, 35 lines
    Re: .26
    
>    Could you give me a pointer to any information about XLSCAN or
>    MVTOOL/SCANPROT.DOT - what they are, how they work etc.
    
    For MVTOOL/SCANPROT.DOT:
    
    http://www-is-security.mso.dec.com/is-sec/pc-sec/anti-virus-table1.html
    
    XLSCAN is from Microsoft.  The pointer I had is:
    
    http://www.microsoft.com/kb/articles/q150/9/90.htm
    
    There was a memo that went out about this internally, but I'm not sure
    where it is.   You can probably get either tool internally fairly
    easily, such as \\xxx-OFFICE-1\SECTOOLS, where xxx is a facility name
    such as TAY.
    
    These tools are similar in that they both run from the "Office" product
    (Excel or Word).  XLSCAN actually works automatically.  However one way
    around them is to open a message from Exchange.  
    
    RE: .26  
    
    The command we use for VSWEEP is 
    
    $ @DISK$:[VSWEEP]VSWEEP_MANAGER.COM -
        DEFAULT DEFAULT DEFAULT SCAN_AND_DISINFECT
    
    Perhaps this translates to /DI; I've never checked. It says it is
    disinfecting, but doesn't always seem to.  I know that SWEEP's idea of
    disinfecting is usually a RENAME.  
    
    
    Ben
1709.29. "" by VELI::KORKKO () Sun Feb 23 1997 21:18, 7 lines
        The latest version of VSWEEP (or VSWEEP_MANAGER) appears to do
        the disinfection automatically. It appears to disinfect
        successfully WORD documents containing MDMA and NPDA viruses. It
        does not disinfect Excel spreadsheets containing e.g. Laroux
        virus.
        
        _veli
1709.30. "Beware of Office 97" by SHRMSG::HOWARD (Ben) Mon Feb 24 1997 21:08, 6 lines
    One of the reasons that Office 97 is not supported internally yet is
    that if documents are stored in the new format, the current virus
    scanners don't work yet.  There's supposed to be some sort of built in
    protection, but I'm not sure how well it works.
    
    Ben