Home

Results 1 to 7 of 7

Thread: Probable attachment issue

  1. #1
    Stevo NNTP User

    Probable attachment issue

    I got an email from my a/v software running on my GMS box about an
    attachment file that is possibly infected, actually two files but I'm
    wondering if it's the same attachment to two different people.

    Anyway, these files are still in this location, in two different sub
    folders:

    /var/lib/datasync/mobility/attachments/

    Is there an easy way to figure out whose account these are tied to and
    cleaned up, aside from just deleting the files?

    Running GMS 2.1 build 230 on sles11sp3.

    --
    Stevo

  2. #2
    Automatic reply NNTP User

    Re: Probable attachment issue

    Asd23,

    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.

    Has your problem been resolved? If not, you might try one of the following options:

    - Visit http://www.novell.com/support and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)

    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php

    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.

    Good luck!

    Your Novell Forums Team
    http://forums.novell.com



  3. #3
    Join Date
    Jan 2010
    Location
    Toronto, Canada, Planet Earth, (originally from Montreal)
    Posts
    2,417

    Re: Probable attachment issue

    In article <%_Afx.1659$Yp6.817@novprvlin0913.provo.novell.com >, Stevo
    wrote:
    > I got an email from my a/v software running on my GMS box about an
    > attachment file that is possibly infected, actually two files but I'm
    > wondering if it's the same attachment to two different people.


    I haven't been able to find any way currently. At least these files are
    in their natural format (vs what is in offiles) so you can carefully
    look at them locally with something like a hex reader, strings, or I
    use Midnight Commander's view function. Then from the context you
    might figure out the who, or possibly even the exact file name, then
    you could use REVEAL to nail down the message.
    I'd be very tempted to take those files to another AV to see what it
    says about them.

    This issue certainly suggests an enhancement request, so this is a good
    time to use the new Ideas Portal
    https://www.novell.com/products/enha...t-request.html




    Andy of
    http://KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please
    show your appreciation by clicking on the star below. Thanks!


  4. #4
    Join Date
    Feb 2008
    Posts
    174

    Re: Probable attachment issue

    We've had good success with this https://anubis.iseclab.org/, it analyzes the binary and you don't have to expose your systems scanning it.

    We use our firewalls now with inline statefull inspection prior to entry to any of our hosts/networks.

  5. #5
    Scott Campbell NNTP User

    Re: Probable attachment issue

    Stevo wrote:

    > I got an email from my a/v software running on my GMS box about an
    > attachment file that is possibly infected, actually two files but I'm
    > wondering if it's the same attachment to two different people.
    >
    > Anyway, these files are still in this location, in two different sub
    > folders:
    >
    > /var/lib/datasync/mobility/attachments/
    >
    > Is there an easy way to figure out whose account these are tied to and
    > cleaned up, aside from just deleting the files?
    >
    > Running GMS 2.1 build 230 on sles11sp3.


    If you're really interested in a dumpster dive to get the information
    then look in the database.

    IIRC In the mobility database there is an attachments table, I believe
    that one of the columns has the name of the attachment that you see in
    the directory.
    The attachments will likely be linked to another table which will have
    the relationship between the user id and the file id.

    When I was looking at it a year or two ago the column names and tables
    were pretty intuitive, so with some digging it shouldn't be too hard to
    figure out the tables to link to.

    Unfortunately I don't have mobility anymore so I can't tell you the
    specific tables or columns.

    If you're not confident navigating databases and tables then it would
    be worth emailing the guys that wrote the dsapp script - it would be
    pretty trivial to add an option to obtain the information.


  6. #6
    Join Date
    Oct 2007
    Location
    Rotterdam, NL- Originally South Africa
    Posts
    5,618

    Re: Probable attachment issue

    Hi,

    Novell have published a TID on this: https://www.novell.com/support/kb/doc.php?id=7016727

    Cheers,
    Laura Buckley

    Views/comments expressed here are entirely my own.

    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below...

  7. #7
    Stevo NNTP User

    Re: Probable attachment issue

    laurabuckley sounds like they 'said':

    >
    > Hi,
    >
    > Novell have published a TID on this:
    > https://www.novell.com/support/kb/doc.php?id=7016727
    >
    > Cheers,


    So my response to laurabuckley's comment is...

    Thanks for the info!!

    --
    Stevo

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •