Diffstat (limited to 'docs/README.Win32-Viruses')
-rw-r--r-- docs/README.Win32-Viruses | 57
1 files changed, 57 insertions, 0 deletions
diff --git a/docs/README.Win32-Viruses b/docs/README.Win32-Viruses
new file mode 100644
index 0000000000..4646da83cf
--- /dev/null
+++ b/docs/README.Win32-Viruses
@@ -0,0 +1,57 @@
+While this article is specific to the Nimda worm,
+the information can be applied to preventing the spread
+of many Win32 viruses. Thanks to the Samba Users Group of Japan
+(SUGJ) for this article.
+===============================================================================
+Steps against Nimba Worm for Samba
+
+Author: HASEGAWA Yosuke
+Translator: TAKAHASHI Motonobu <monyo@samba.gr.jp>
+
+The information in this article applies to
+ Samba 2.0.x
+ Samba 2.2.x
+ Windows 95/98/Me/NT/2000
+
+SYMPTOMS
+ This article describes measures against Nimba Worm for Samba
+ server.
+
+DESCRIPTION
+ Nimba Worm is infected through shared disks on a network, as well as through
+ Microsoft IIS, Internet Explorer and mailer of Outlook series.
+
+ At this time, the worm copies itself by the name *.nws and *.eml on
+ the shared disk, moreover, by the name of Riched20.dll in the folder
+ where *.doc file is included.
+
+ To prevent infection through the shared disk offered by Samba, set
+ up as follows:
+
+-----
+[global]
+ ...
+ # This can break Administration installations of Office2k.
+ # in that case, don't veto the riched20.dll
+ veto files = /*.eml/*.nws/riched20.dll/
+-----
+
+ By setting the "veto files" parameter, matched files on the Samba
+ server are completely hidden from the clients and making it impossible
+ to access them at all.
+
+ In addition to it, the following setting is also pointed out by the
+ samba-jp:09448 thread: when the
+ "readme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}" file exists on
+ a Samba server, it is visible only as "readme.txt" and dangerous
+ code may be executed if this file is double-clicked.
+
+ Setting the following,
+-----
+ veto files = /*.{*}/
+-----
+ any files having CLSID in its file extension will be inaccessible from any
+ clients.
+
+This technical article is created based on the discussion of
+samba-jp:09448 and samba-jp:10900 threads.
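
Review bot: the two "veto files" examples in the added file are presented as separate settings, and the text never says they have to be merged. smb.conf keeps only the last assignment of a parameter within a section, so a reader who adds `veto files = /*.{*}/` below the first line loses the *.eml, *.nws and riched20.dll entries. Suggest showing the combined value, e.g. `veto files = /*.eml/*.nws/riched20.dll/*.{*}/`, or stating that the CLSID pattern is to be appended to the existing list. Also, the worm is spelled "Nimda" in the introductory paragraph but "Nimba" in the title, SYMPTOMS and DESCRIPTION; use "Nimda" throughout. The SYMPTOMS section states the article's purpose rather than any symptoms, so it could be renamed or folded into DESCRIPTION.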