Tuesday, May 27, 2008

denny Worm.Rays.A on samba



Simple virus protection
In most environments, the file shares that users have access to should not have executable files on them. File shares are there so that users can store their documents, spreadsheets, presentations, etc. Samba can be configured so that it doesn’t allow certain types of files to be stored on a file share. This is done with the Veto Files attribute in each share. The Veto Files option separates file specifications with the slash character (/) and supports the standard wildcard characters, asterisk (*) and question mark (?). If you wanted to disallow EXE files, COM files, or DLL files, you could have a veto files attribute that looked like this:

Veto files = /*.exe/*.com/*.dll/desktop.ini/Desktop.ini/

This would prevent access to or storage of these types of files and effectively prevent a Samba server from spreading most types of Windows worms and viruses. You may want to veto other file types to effectively exclude all of the file extensions that are used by viruses to propagate.

No comments: