ADSM-L

AIX Virii. WAS: RE: missing schedule

2000-08-30 17:16:03
Subject: AIX Virii. WAS: RE: missing schedule
From: Daniel Swan/TM <Daniel.Swan AT TELUS DOT COM>
Date: Wed, 30 Aug 2000 14:15:02 -0700
AIX Virii do exist, but mostly in development scenarios, or virus 'zoos'.
Getting them to spread is problematic, because:

A)  Most software is provided by the vendor, not 'borrowed from my buddy
jake', or downloaded from the ftp site at 'warezpirates.com'.

B)  AIX servers tend to exist as islands, isolated from the other AIX
servers in the world, and rarely share executable code with servers outside
their own environment.  This is a large obstacle in the spreading of virii
between environments.

C)  A virus, unless executed by root, will be restricted to user-space, with
user privileges.

The bottom line:  Unix Virii exist, but the threat is negligible.


From my comp.os.linux.security faq:

--
8) Viruses and Trojans
        8.1) Is Linux vulnerable to viruses?

Due to the design of Linux, it is difficult for viruses to spread far within
a system, as they are confined to infecting the user space of the user who
executes them. Of course, this is a problem if infected files are launched
by root, but as a security conscious individual, you wouldn't be running
untrusted files as root, would you?
It *is* theoretically possible for a virus launched by a regular user to
escalate its privileges using system exploits, however, a virus of this
capability would be quite sizeable, and difficult to write.
As of this date, few viruses have actually been discovered for Linux, and
the ones that have been discovered aren't worth losing sleep over. This will
undoubtedly change with time.
Viruses do exist for Linux, but are presently the least significant threat
you face.

--
Daniel Swan
HP Unix Team
ISM-BC
3030 2nd Ave SE
Calgary, AB, T2A 5N7
ph. 403-530-1726
fax: 403-530-1066
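
Point C in the message above can be checked on a given host: a process running as an ordinary user can only alter executables whose permission bits allow it. The shell function below is an added example, not part of the original post; the function names, finding labels and demo tree are constructed for illustration.

```shell
#!/bin/sh
# audit_exec_perms DIR...  prints one finding per line:
#   WORLD-WRITABLE-FILE <path>  owner-executable file any user can overwrite
#   GROUP-WRITABLE-FILE <path>  owner-executable file any group member can overwrite
#   OPEN-DIR <path>             world-writable directory without the sticky bit,
#                               so any user can replace the files inside it
audit_exec_perms() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -perm -0100 -perm -0002 2>/dev/null |
            sed 's/^/WORLD-WRITABLE-FILE /'
        find "$dir" -type f -perm -0100 -perm -0020 ! -perm -0002 2>/dev/null |
            sed 's/^/GROUP-WRITABLE-FILE /'
        find "$dir" -type d -perm -0002 ! -perm -1000 2>/dev/null |
            sed 's/^/OPEN-DIR /'
    done
}

# Constructed sample tree (not taken from any real system) to exercise the audit.
demo_audit() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/bin" "$tmp/drop"
    : > "$tmp/bin/ok";    chmod 0755 "$tmp/bin/ok"     # correctly locked down
    : > "$tmp/bin/loose"; chmod 0777 "$tmp/bin/loose"  # anyone can rewrite it
    : > "$tmp/bin/grp";   chmod 0775 "$tmp/bin/grp"    # group members can rewrite it
    : > "$tmp/bin/data";  chmod 0666 "$tmp/bin/data"   # not executable: ignored
    chmod 0755 "$tmp/bin"
    chmod 0777 "$tmp/drop"                             # no sticky bit
    audit_exec_perms "$tmp" | sed "s|$tmp/||"          # print paths relative to tmp
    rm -rf "$tmp"
}

demo_audit
```

On a real server the function would be pointed at the directories in root's PATH; an empty result means a user-level process has no executable there that it can modify.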




> -----Original Message-----
> From: Lisa Cabanas [SMTP:CABANL AT MAIL.MODOT.STATE.MO DOT US]
> Sent: Wednesday, August 30, 2000 2:46 PM
> To:   ADSM-L AT VM.MARIST DOT EDU
> Subject:      Re: missing schedule
>
> Weeeeellll,
> *supposedly*, the same NT server that got infected also had NAI VirusScan on
> it.... but it wasn't scanning because something went south with the
> enterprise console.....
>
> as an aside, are there really virii that infect AIX?
>
> Shekhar Dhotre <Shekhar.Dhotre.B AT BAYER DOT COM> on 08/30/2000 03:16:55 PM
>
> Please respond to "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
>
>  To:      ADSM-L AT VM.MARIST DOT EDU
>  cc:      (bcc: Lisa Cabanas/SC/MODOT)
>  Subject: Re: missing schedule
>
> Hi, I am using Tivoli's antivirus software on AIX, so I don't think this is
> a Love Bug problem :-)
> OK, here is the output. Now started the daemons again; tomorrow morning I will
> get the dsmerror.log and sched.log files, then more discussion. Deleted old
> dsmerror.log.
> But seriously, this is a pending issue, please help.
> # ps -ef | grep dsm
>     root 21178 10530   0 15:59:16  pts/0  0:00 dsmc sched
>     root 25800     1   0   Aug 22      -  0:00 /usr/tivoli/tsm/client/ba/bin/dsmcad
>     root 26950 10530   1 16:03:18  pts/0  0:00 grep dsm
> #
> # dsmc show inclexcl
> Tivoli Storage Manager
> Command Line Backup Client Interface - Version 3, Release 7, Level 2.14
> (C) Copyright IBM Corporation, 1990, 2000, All Rights Reserved.
>
> Node Name: MEDRS1
> Session established with server TSM: AIX-RS/6000
>   Server Version 3, Release 7, Level 2.0
>   Data compression forced on by the server
>   Server date/time: 08/30/00   16:05:08  Last access: 08/30/00   16:04:22
>
> Mode Function  Pattern (match from top down)
> ---- --------- -----------------------------
> No exclude filespace statements defined.
> No exclude directory statements defined.
> No include/exclude statements defined.
> #
>
> "DDA.RFC-822=ADSM-L AT VM.MARIST DOT EDU/P=Internet/A= /C=us" on 08/30/2000 03:57:10 PM
> Please respond to "DDA.RFC-822=ADSM-L AT VM.MARIST DOT EDU/P=Internet/A= /C=us" @ X400
> To: "DDA.RFC-822=ADSM-L AT VM.MARIST DOT EDU/P=Internet/A= /C=us"@X400
> cc:
>
> Subject: Re: missing schedule
>
> For what it is worth, the only time I have ever seen a dump like that in the
> dsmerror.log was when an NT server happened to be getting infected with the
> fun love virus, and the dsmsrvc.exe got infected.
>
> good luck!
>
> (have you "set" the password?  after killing the dsmc sched process, and
> after it respawns, type
> dsmc show inclexcl
> and see if it asks you for your userid.
>
> If it does, you need to sync the client's password with the server.  If it
> shows you the inclexcl statement, the password is sync'd and it isn't that.
>
> try deleting the dsmerror.log, killing the dsmc sched process, letting it
> respawn and then check the dsmerror.log and the dsmsched.log.)
>
> Shekhar Dhotre <Shekhar.Dhotre.B AT BAYER DOT COM> on 08/30/2000 07:34:42 AM
>
> Please respond to "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
>
>  To:      ADSM-L AT VM.MARIST DOT EDU
>  cc:      (bcc: Lisa Cabanas/SC/MODOT)
>  Subject: missing schedule
>
> Hi all,
> Is anybody facing this problem:
> the schedule daemon dies automatically no matter how many times you restart
> it, and due to that backups are failing. Currently I have defined the
> schedule in Tivoli's Maestro, and that is working.
> I am restarting the schedule with   nohup dsmc sched & .
> Opened a PMR with IBM; the CE told me to install some patches. Installed,
> but no use,
>
>  tivoli.tsm.client.hsm.jfs.aix43.32bit
>                              3.7.2.5    C    TSM Client - Hierarchical
>                                              Storage Management
>   tivoli.tsm.client.image.aix43.32bit
>                             3.7.2.14    C    TSM Client - IMAGE Backup Client
>   tivoli.tsm.client.web.aix43.32bit
>                             3.7.2.14    C    TSM Client - Backup/Archive WEB
>                                              Client
>
> dsmerror.log, don't know what this garbage means?
>
> dsmsched.log
>
> >>>>> Process Interrupted!!  Severing connection. <<<<<<
> 08/30/00   08:12:28 Querying server for next scheduled event.
> 08/30/00   08:12:28 Node Name: MEDRS1
> 08/30/00   08:12:28 Session established with server TSM: AIX-RS/6000
> 08/30/00   08:12:28   Server Version 3, Release 7, Level 2.0
> 08/30/00   08:12:28   Data compression forced on by the server
> 08/30/00   08:12:28   Server date/time: 08/30/00   08:17:31  Last access: 08/30/00   01:20:48
>
> 08/30/00   08:12:28 --- SCHEDULEREC QUERY BEGIN
> 08/30/00   08:12:28 --- SCHEDULEREC QUERY END
> 08/30/00   08:12:28 Next operation scheduled:
> 08/30/00   08:12:28 ------------------------------------------------------------
> 08/30/00   08:12:28 Schedule Name:         MEDRS
> 08/30/00   08:12:28 Action:                Incremental
> 08/30/00   08:12:28 Objects: