Path: utzoo!attcan!uunet!seismo!ukma!rex!samsung!cs.utexas.edu!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: WHMurray@DOCKMASTER.NCSC.MIL
Newsgroups: comp.virus
Subject: NetWare and Virus (PC)
Message-ID: <0007.9007271529.AA28148@ubu.cert.sei.cmu.edu>
Date: 27 Jul 90 14:36:00 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 25
Approved: krvw@sei.cmu.edu

Well, we seem to have a problem here.

The posting by Jon David suggests that the virus executes on the
workstation, has no WRITE privilege to the server, but infects
programs on the server.  By private email to me, Jon confirms that
that is what he intended to say.  He describes to me the test that he
conducted; it sounds convincing.  He asserts that Novell
representatives have seen the demonstration.

On the other hand, the posting to this list by Novell clearly states
that the the workstation must have rights to write and modify the
file.

It seems to me that someone is in error.

If David is correct, then, not only do we have a small virus problem,
but we have a very large NetWare security problem.

It would be interesting to know whether the virus simply writes to the
server, or whether it contains some overt mechanism to disable,
subvert, or otherwise bypass NetWare security.

William Hugh Murray, Executive Consultant, Information System Security
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840
203 966 4769, WHMurray at DOCKMASTER.NCSC.MIL