"Shaun T. Erickson" wrote:
This virus is a nasty one. I haven't seen it mentioned here, but we have discovered that it connects back to the fileserver the infected person is connected to and then scans the shares, deleting every file of the types specified, in every share, that the infected person has the ability to delete.
Just to re-iterate: It scans for shares and tries to mount them. If successful it looks for files that can be zapped. If you share files everyone:rwx then a lot of data may be affected.
On Fri, 11 Jun 1999, Garrett Burke wrote:
Thank god for snapshots.
You can rename a snapshot. If you rename one to "PreVirus" it is pretty easy to write a little script that will find zero-length files that weren't zero-length in the snapshot and email the owner of the file (or do the restore automatically). [ Disclaimer: I haven't done this myself, but I'm told it is possible. ]
--tal
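
The script described in the message above could look like the following; it is an added example, not code from anyone in the thread. It assumes the renamed snapshot is readable as a directory tree mirroring the live share (for instance a `.snapshot/PreVirus` directory, which is an assumption about the filer), the function names are hypothetical, and it prints a per-owner report instead of sending mail.

```python
#!/usr/bin/env python3
# Added example: list files that are empty now but had content in a snapshot.
# Assumption: the renamed snapshot is readable as a directory tree whose
# layout mirrors the live share (both paths are given on the command line).
import os
import shutil
import stat
import sys
from collections import defaultdict


def find_zeroed(live_root, snap_root):
    """Yield (relative path, snapshot size, owner uid) for truncated files."""
    for dirpath, _dirs, files in os.walk(snap_root):
        for name in files:
            snap_path = os.path.join(dirpath, name)
            rel = os.path.relpath(snap_path, snap_root)
            snap_st = os.lstat(snap_path)
            # Only regular files that really had content in the snapshot.
            if not stat.S_ISREG(snap_st.st_mode) or snap_st.st_size == 0:
                continue
            try:
                live_st = os.lstat(os.path.join(live_root, rel))
            except OSError:
                continue  # removed outright: may be a legitimate delete
            if stat.S_ISREG(live_st.st_mode) and live_st.st_size == 0:
                yield rel, snap_st.st_size, snap_st.st_uid


def group_by_owner(hits):
    """Map owner uid -> sorted list of relative paths, one report per owner."""
    owners = defaultdict(list)
    for rel, _size, uid in hits:
        owners[uid].append(rel)
    return {uid: sorted(paths) for uid, paths in owners.items()}


def restore(live_root, snap_root, rel):
    """Copy the snapshot version back only if the live file is still empty."""
    live_path = os.path.join(live_root, rel)
    if os.lstat(live_path).st_size != 0:
        return False  # someone already rewrote it; do not clobber
    shutil.copy2(os.path.join(snap_root, rel), live_path)
    return True


if __name__ == "__main__":
    live, snap = sys.argv[1], sys.argv[2]
    for uid, paths in group_by_owner(find_zeroed(live, snap)).items():
        print(f"uid {uid}: {len(paths)} file(s) emptied since snapshot")
        for rel in paths:
            print(f"  {rel}  (restore from {os.path.join(snap, rel)})")
```

Files that are missing entirely from the live share are skipped on purpose, since a missing file cannot be told apart from an ordinary delete by size alone.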