Re: [cobalt-users] extreme newbie with possible virus
- Subject: Re: [cobalt-users] extreme newbie with possible virus
- From: SM <nntp@xxxxxxxxx>
- Date: Fri Sep 28 10:51:43 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

At 16:59 28-09-2001 -0400, Lenore Howe wrote:
>I am running a Cobalt RAQ3 with OS 5.0. Last Friday, I got an email from
>someone saying that my server was port-sniffing which probably indicated
>that I had some sort of virus. Since then, I've heard from different sources
>that Norton Anti-virus software signals the presence of a virus on pages
>downloaded from the website.

First of all, let me assure you that your server is not infected by a virus.
If a webpage contains a virus, it will not cause any problems to the
server. It could be your webpages which were affected by a virus before
they were uploaded to the web server. Download the webpages and scan them
with anti-virus software to verify that.

The person means that a user from your server did a port scan, i.e. looked
up which services were running, on his/her box. Port scanning is seen as
evil by some people or just an annoyance by others. There is no reason to
be worried yet.

Do you have other users with access to shell accounts (users who can Telnet
or SSH) on that server? You can connect to your server through Telnet or
SSH and verify the last logins (the command is "last") to see whether all
these accesses were authorized ones.

Given that you are new to the job, I suggest that you first verify whether
the latest updates and security patches have been applied to that server.
If not, please visit the Cobalt website. You may wish to do some reading
about security. If you have any questions, search the archive first (the
URL is found in the headers of each email sent through this mailing list).
You can post a message to this list if you did not find an answer or if you
need any help.

Regards,
-sm
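
The login review suggested in the message above, as an added example that is not part of the original post: a shell function that reads `last` output and prints every login whose user and source host are not on a list of expected pairs. The `user@host` allowlist format, the function names and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag entries in `last` output that are not expected logins.

# flag_logins ALLOWLIST   (reads `last` output on stdin)
# ALLOWLIST is a space-separated list of user@host pairs (assumed format);
# the host "console" stands for local tty logins, which carry no remote host.
flag_logins() {
    awk -v allow="$1" '
    BEGIN {
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    # Skip blank lines, the "wtmp begins" trailer and boot/shutdown records.
    NF == 0 || $1 == "wtmp" || $1 == "reboot" || $1 == "shutdown" { next }
    {
        user = $1; tty = $2
        # A local login has an empty host column, so field 3 is the weekday.
        host = ($3 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/) ? "console" : $3
        if (!((user "@" host) in ok)) print user, host, tty
    }'
}

# Constructed sample in the layout `last` prints (not taken from a real server).
sample_last() {
    cat <<'EOF'
lenore   pts/0        192.0.2.10       Fri Sep 28 09:12   still logged in
guest    pts/2        203.0.113.45     Thu Sep 27 03:14 - 03:52  (00:38)
admin    tty1                          Wed Sep 26 10:02 - 10:30  (00:28)
lenore   pts/0        192.0.2.10       Tue Sep 25 18:40 - 19:05  (00:25)
reboot   system boot  2.2.16           Mon Sep 24 08:00          (4+02:51)

wtmp begins Sat Sep  1 04:02:11 2001
EOF
}

# On a live server this would be: last | flag_logins "..."
sample_last | flag_logins "lenore@192.0.2.10 admin@console"
```

`last` reads the wtmp file, which anyone who has gained root can edit, so an empty result does not prove that no unauthorized login took place.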