Too many dynamic rules created by infected machine
patl+freebsd at volant.org
Tue Sep 14 23:55:23 PDT 2004
--On Tuesday, September 14, 2004 20:59:43 -0400 "Eric W. Bates" <ericx_lists at vineyard.net> wrote:
> It's a small store. Folks with broken computers bring the
> machines in because "It doesn't work". They usually don't
> know what is wrong with any given machine; and they try to
> be careful (remove the hard drive and attempt to clean it
> first); but eventually there is a need to put the machine
> on line and try to update Norton's virus list.
Before bringing it on-line, why not mount the disk on a FreeBSD
machine and run ClamAV over all the files? It's not guaranteed
to catch everything; but it should at least reduce the window.
You could also consider setting it up so that the initial
reconnection is on a separate cable going through a firewall
that -only- allows the connections necessary to update the
Norton virus list. Once it is updated, unplug it from the
network, run the virus check, and only then plug it into
your main LAN.
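An added example, not part of the original message: one way to build the restricted firewall path described above as an ipfw ruleset, using "limit" so a single infected machine cannot exhaust the dynamic rule table. The interface name, the rule numbers, the DNS and update-server addresses, the use of port 80 for updates and a statically addressed quarantine machine are all assumptions; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: emit an ipfw rule file for a quarantine port.
# All addresses, the interface name and port 80 are assumptions.
# Usage (as root, rules must precede any general allow rule):
#   gen_quarantine_rules em1 192.0.2.53 192.0.2.10 > /etc/ipfw.quarantine
#   ipfw -q /etc/ipfw.quarantine

is_ipv4() {
    # Dotted quad only: digits and dots, four octets, each 0-255.
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

gen_quarantine_rules() {
    # $1 = quarantine interface, $2 = DNS resolver, $3... = update servers
    [ $# -ge 3 ] || { echo "usage: qif dns update-ip..." >&2; return 1; }
    qif=$1; dns=$2; shift 2
    # Validate everything before printing, so no partial ruleset is emitted.
    case "$qif" in ''|*[!a-z0-9]*) echo "bad interface: $qif" >&2; return 1 ;; esac
    is_ipv4 "$dns" || { echo "bad DNS address: $dns" >&2; return 1; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done

    # Replies to permitted flows match the dynamic rules here.
    echo "add 2000 check-state"
    # Name lookups only, at most 4 concurrent dynamic rules per source.
    echo "add 2010 allow udp from any to $dns 53 in recv $qif limit src-addr 4"
    n=2100
    for ip in "$@"; do
        # New TCP connections to each update server, capped per source.
        echo "add $n allow tcp from any to $ip 80 in recv $qif setup limit src-addr 8"
        n=$((n + 10))
    done
    # Everything else from or to the quarantine port is dropped; the log
    # entries show what the machine tried to reach.
    echo "add 2900 deny log ip from any to any in recv $qif"
    echo "add 2910 deny ip from any to any out xmit $qif"
}
```

The "deny log" rule doubles as a cheap indicator: a freshly connected machine that immediately generates many log hits is worth scanning again before it goes on the main LAN.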