08-24-2019
Implementing security personnel practices to prevent future infections
Pure opinion on my part:
The hackers who wrote the exploit have more than probably put it in all kinds of places. You miss one hiding place and your machine is still subject to disruption. You have a VERY small chance of purging everything.
Do this instead:
1. Restore the system to a known good backup
2. Implement security personnel practices to prevent future infections
3. Implement malware prevention code - there are freebies like ClamAV. See ClamavNet
4. Maintain a good periodic backup routine with mass storage devices kept securely out of harm's way.
Courier::Filter::Module::ClamAVd(3pm) User Contributed Perl Documentation Courier::Filter::Module::ClamAVd(3pm)
NAME
Courier::Filter::Module::ClamAVd - ClamAV clamd filter module for the Courier::Filter framework
SYNOPSIS
    use Courier::Filter::Module::ClamAVd;

    my $module = Courier::Filter::Module::ClamAVd->new(
        # See the socket options description for details.
        socket_name      => '/var/run/clamav/clamd.ctl',
        socket_host      => 'clamav.example.com',
        socket_port      => '3310',

        max_message_size => $max_message_size,
        max_part_size    => $max_part_size,
        response         => $response_text,

        logger           => $logger,
        inverse          => 0,
        trusting         => 0,
        testing          => 0,
        debugging        => 0
    );

    my $filter = Courier::Filter->new(
        ...
        modules => [ $module ],
        ...
    );
DESCRIPTION
This class is a filter module class for use with Courier::Filter. It matches a message if the configured ClamAV "clamd" daemon detects
malware in it.
Constructor
The following constructor is provided:
new(%options): returns Courier::Filter::Module::ClamAVd
Creates a new ClamAVd filter module.
%options is a list of key/value pairs representing any of the following options:
socket_name
socket_host
socket_port
These options describe the Unix domain or TCP/IP socket that should be used to connect to the ClamAV daemon. If no socket options
are specified, first the socket options from the local "clamd.conf" configuration file are tried, then the Unix domain socket
/var/run/clamav/clamd.ctl is tried, then finally the TCP/IP socket at 127.0.0.1 on port 3310 is tried. If either Unix domain or
TCP/IP socket options are explicitly specified, only these are used.
max_message_size
An integer value controlling the maximum size (in bytes) of the overall message text for a message to be processed by this filter
module. Messages larger than this value will never be processed, and thus will never match. If undef, there is no size limit.
Defaults to 1024**2 (1 MB).
As MIME multipart processing can be quite CPU- and memory-intensive, you should definitely restrict the message size to some
sensible value that easily fits in your server's memory. 1024**2 (1 MB) should be appropriate for most uses of this filter module.
max_part_size
An integer value controlling the maximum size (in bytes) of any single MIME part for that part to be processed by this filter
module. Parts larger than this value will never be processed, and thus will never match. If undef, there is no size limit.
Defaults to the value of the "max_message_size" option, so you don't really need to specify a part size limit if you are
comfortable with using the same value for both. See the "max_message_size" option for its default.
response
A string that is to be returned as the match result in case of a match. The name of the detected malware is appended to the
response text. Defaults to "Malware detected:".
All options of the Courier::Filter::Module constructor are also supported by the constructor of the ClamAVd filter module. Please see
"new" in Courier::Filter::Module for their descriptions.
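The size-gating and response semantics described above, as an added Python illustration (not the module's own Perl code): oversized messages are never processed, oversized MIME parts are skipped, every other leaf part is scanned, and the first hit is reported as the response text followed by the signature name. The clamd call is replaced by a constructed pattern table (fake_clamd_scan) so the example runs offline; the message itself is constructed with build_sample.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed stand-in for clamd: a byte pattern -> signature name table.
# A real deployment hands each part to clamd over its Unix or TCP socket.
FAKE_SIGNATURES = {b"CONSTRUCTED-MALWARE-MARKER": "Test.Constructed.Marker"}

def fake_clamd_scan(payload):
    """Return the matching signature name, or None when the payload is clean."""
    for pattern, name in FAKE_SIGNATURES.items():
        if pattern in payload:
            return name
    return None

def filter_message(raw, scanner=fake_clamd_scan, max_message_size=1024**2,
                   max_part_size=None, response="Malware detected:"):
    """Apply the documented gating: skip oversized messages and parts, scan
    every leaf MIME part, and return 'response <name>' on the first hit."""
    if max_message_size is not None and len(raw) > max_message_size:
        return None                      # oversized message: never processed
    part_limit = max_message_size if max_part_size is None else max_part_size
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue                     # containers carry no payload of their own
        payload = part.get_payload(decode=True) or b""
        if part_limit is not None and len(payload) > part_limit:
            continue                     # oversized part: skipped, not scanned
        name = scanner(payload)
        if name:
            return f"{response} {name}"
    return None                          # clean, or nothing was eligible to scan

def build_sample(attachment):
    """Constructed two-part message: a short text body plus a binary attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "test"
    m.set_content("Hello, see attachment.")
    m.add_attachment(attachment, maintype="application",
                     subtype="octet-stream", filename="file.bin")
    return m.as_bytes()

if __name__ == "__main__":
    print(filter_message(build_sample(b"CONSTRUCTED-MALWARE-MARKER")))
    print(filter_message(build_sample(b"just some bytes")))
```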
Instance methods
See "Instance methods" in Courier::Filter::Module for a description of the provided instance methods.
SEE ALSO
Courier::Filter::Module, Courier::Filter::Overview.
For AVAILABILITY, SUPPORT, and LICENSE information, see Courier::Filter::Overview.
AUTHOR
Julian Mehnle <julian@mehnle.net>
perl v5.14.2 2011-12-27 Courier::Filter::Module::ClamAVd(3pm)