Windows Thread, H1N1 for Servers - A 2003 Nightmare! in Technical
30th April 2009, 09:32 PM #16
Well 3 days without a problem.
Doesn't look good for Sophos. I'm not going to try it in the Production LAN, so as soon as I get a chance I'm going to set up a VM with just S2K3 and Sophos, put the SIMs .NET installer on it and kick off an aggressive scan with the delete option enabled.
2nd May 2009, 02:26 PM #17
I am happy to report that everything is rebuilt and is back up and running normally.
We are still in the process of analysing the failure but here are a few items of key interest.
On the 23rd March Sophos released a new virus definition file for the Sality strain of viruses.
A few days later the first member server failed with what appeared to be an OS failure.
Subsequent server failures occurred almost a month later but all in rapid succession to each other.
Within 24 hrs no less than 8 servers had been reduced to worthless "Air Warmers"....
After OS rebuilds, scans of the data files returned many "Suspicious Files" all reporting to be possibly infected with the Sality Virus.
All of the affected files were contained in the Capita Sims application and client setup packages.
These files are NOT infected but will trigger a false positive.
The servers continued to self destruct with nothing else installed to the OS drives other than W2K3R2 and Sophos AV.
Only by turning OFF! the Sophos "Delete" option has normal service returned.
I will emphasise again, the correct setting for Sophos clean up on Servers is "Do Nothing".
In fact this is the preferred setting on all scans.
If a virus is detected it will be blocked from execution and logged.
Then only after a full scan has been completed will you be able to choose the clean up option from within the console.
According to Sophos they will be releasing a completely new interface later this year and some of the "Ambiguous" options and descriptions have been addressed such as the "Do Nothing" statement.
2nd May 2009, 02:30 PM #18
I helped a school recently who had been infected with Sality on their SIMS server and, like yourself, it started to corrupt executable files within SIMS, but in this case it didn't delete them as per your findings, though it still rendered the box useless.
2nd May 2009, 03:03 PM #19
That's really useful info Kim.
I wonder if there are any more cases out there?
Are the Capita files actually infected with it? Is it a false positive as I think?
Either way that is at least three cases I have found where this has happened this month.