Windows Thread, H1N1 for Servers - A 2003 Nightmare! in Technical
  1. #16

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,631
    Thank Post
    49
    Thanked 462 Times in 337 Posts
    Rep Power
    140
    Well 3 days without a problem.

    Doesn't look good for Sophos, I'm not going to try it in the Production LAN so as soon as I get a chance I'm going to set up a VM with just S2K3 and Sophos, put the SIMs .NET installer on it and kick off an aggressive scan with the delete option enabled.

  2. #17

    m25man's Avatar
    I am happy to report that everything is rebuilt and is back up and running normally.

    We are still in the process of analysing the failure but here are a few items of key interest.

    On the 23rd March Sophos released a new virus definition file for the Sality strain of viruses.
    A few days later the first member server failed with what appeared to be an OS failure.

    Subsequent server failures occurred almost a month later but all in rapid succession to each other.
    Within 24 hrs no less than 8 servers had been reduced to worthless "Air Warmers"....

    After OS rebuilds, scans of the data files returned many "Suspicious Files" all reporting to be possibly infected with the Sality Virus.
    All of the affected files were contained in the Capita Sims application and client setup packages.
    These files are NOT infected but will trigger a false positive.

    The servers continued to self destruct with nothing else installed to the OS drives other than W2K3R2 and Sophos AV.

    Only by turning OFF! the Sophos "Delete" option has normal service returned.

    I will emphasise again, the correct setting for Sophos clean up on Servers is "Do Nothing".
    In fact this is the preferred setting on all scans.

    If a virus is detected it will be blocked from execution and logged.

    Then only after a full scan has been completed will you be able to choose the clean up option from within the console.

    According to Sophos they will be releasing a completely new interface later this year and some of the "Ambiguous" options and descriptions have been addressed such as the "Do Nothing" statement.

  3. #18


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,692
    Thank Post
    352
    Thanked 797 Times in 716 Posts
    Rep Power
    347
    Hi Geoff,

    I helped a school recently who had been infected with Sality on their SIMS server and, like yourself, it started to corrupt executable files within SIMS, but in this case it didn't delete them as per your findings but it still rendered the box useless.

  4. Thanks to kmount from:

    m25man (2nd May 2009)

  5. #19

    m25man's Avatar
    That's really useful info Kim.

    I wonder if there are any more cases out there?

    Are the Capita files actually infected with it? Is it a false positive as I think?

    Either way that is at least three cases I have found where this has happened this month.
