
Security Basics mailing list archives

Re: Running AV via SSH? (Was: Re: Bad Antivirus)
From: Michael Peppard <mpeppard () impole com>
Date: Thu, 14 Feb 2013 09:26:29 -0500

The scan is a stopgap for killing the functionality of the virus and to get information on the virus; it's not the first or last line of defence. It's usually enough to allow you to get on the infected machine with enough information to tackle the next steps.

If the virus makes it past the antivirus, the antivirus has to be reinstalled at a minimum. If the virus is unknown or has a rootkit which all your antivirus/rootkit tools are incapable of getting rid of, then the machine has to be rebuilt off a clone for that type of desktop or server. I have occasionally had to send in a new type of virus to the antivirus maker when changes are made to the OS, something is obviously spitting out connection attempts, or functionality has been compromised and the antivirus doesn't work. Not very often, but it has happened a few times.

Why bother trying to save the machine? Because end users get fussy when they can't get kitten emails from their friends all day.

As far as a virus being unknown to the western world, well you don't know what you don't know you don't know. (What a boring book that was.) What you do know is there is compromised functionality, or connection attempts bouncing off sniffers, or odd traffic on the network splashing against the firewall.

The scan can be done with ssh if there is an ssh server on it, or it can be done via a share as network admin, or with @net use and its equivalents. You just need -safe- access to the drives.

Mike

On 02/13/2013 11:31 AM, Tracy Reed wrote:
> On Mon, Feb 11, 2013 at 12:08:23PM PST, Michael Peppard spake thusly:
>> You don't have to do it if you don't want to. It works for me and I do
>> verify the virus is dead.
>
> Just out of curiosity: How do you verify the virus is dead?


