I’ll be away for the weekend, and don’t know whether I will get to post anything here. It’s possible, since I’ll have dialup on both my laptop and the “family tech support” computer there. If I don’t, perhaps some of the other contributors will have something to say.
For the server with the bad 1/3 of a RAID 5 array, I ordered a replacement server. It was time anyway. If I mess around with the old computer, or risk using it with a bad drive, there are completely non-critical uses to which it can be put. Meanwhile, the client gets a jump on the upgrading I plan for the upcoming year. All the current server has to do is hold out until the weekend of the 4th.
Meanwhile, the same client uses e-mail gateway scanning by Sybari Antigen, but has declined to purchase antivirus software for the workstations. Tonight I found my first virus on a workstation since getting Sybari Antigen following the infamous Nimda and Code Red outbreaks. Three years ago? Something like that.
This was a variant of Bagle that runs an executable file called Wingo that is visible in processes. The virus made itself obvious by generating an error dialog consisting of a list of e-mail addresses. I cleaned it manually in the same way I would malware of the adware or spyware variety, though I noticed it didn’t bother to set the files it used as hidden, the way malware frequently does.
The virus can spread through network shares, apparently, so I am moderately worried about it being elsewhere in the building. On the other hand, there have been no obvious signs. In any event, it has to wait for my return from the extra-long weekend. I also have to wonder how it got in. Did it sneak in via e-mail that went undetected through failure of the gateway scanner? Or before the scanner was updated with the definitions for that variant? Did it come in via the web? Via the network itself? I may never know, but it’s all the more to keep me busy.