Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Patrick on December 12, 2002, 06:22:40 PM

Title: block web based trojan downloads?
Post by: Patrick on December 12, 2002, 06:22:40 PM

Hi everyone,

What is the recommended way to block Trojan apps from being downloaded via web browsers?  I assume squidguard or Dans Guardian?

See below RAV scan results which shows an executable file with a Trojan in squid cache:

/var/spool/squid/00/55/000055F3->(part0000:)->235003.exe        Infected: TrojanDownloader:Win32/Small.J  

Below are the details from the nightly RAV server scan.

===================================================
RAV AntiVirus command line for Linux i686.
Version: 8.3.0.
Copyright (c) 1996-2001 GeCAD The Software Company. All rights reserved.
Scan engine 8.9 for i386.
Last update: Mon Dec  9 08:39:29 2002
Scanning for 74839 malwares (viruses, trojans and worms).
Scan started on Thu Dec 12 04:02:04 2002
/var/spool/squid/00/55/000055F3->(part0000:)->235003.exe        Infected: TrojanDownloader:Win32/Small.J
Scan ended on Thu Dec 12 04:43:47 2002
Objects scanned: 281627.
Infected: 1.
Warnings: 0.
Time: 25 second(s).
Files/second: 11251
=====================================================

 Thanks everyone!

Regards,
Patrick

Title: Re: block web based trojan downloads?
Post by: Darrell May on December 12, 2002, 09:08:48 PM

Do you have RAV AntiVirus running on your desktop computers?  Do you have the RAV for Internet Browsers feature enabled?

Darrell

Title: Re: block web based trojan downloads?
Post by: Darrell May on December 12, 2002, 09:12:27 PM

Patrick wrote:
> ===================================================
> RAV AntiVirus command line for Linux i686.
> Version: 8.3.0.

BTW Patrick, RAV 8.3.0 was obsoleted October 1, 2002. Current official release is RAV 8.4.0.  Current 'unofficial' release is RAV 8.4.1RC.

Everyone should upgrade to RAV 8.4.x asap!

Darrell