[tech] [ucc] Minutes of UCC Committee Meeting 2012-05-29

Andrew Gozzard gozzarda at ucc.gu.uwa.edu.au
Wed May 30 09:28:25 WST 2012 

As requested:

On friday last week it was found that Combtail was completely devoid of 
antivirus software, and had been since the university's F-PROT 
subscription had expired. On [BOB]'s recommendation, I booted to the 
network SystemRescue LiveCD, and updated and ran clamscan on all drives. 
The scan completed finding only a few minor errors. To replace the 
now-defunct F-PROT, I installed Avast! antivirus, free edition, as a 
temporary measure. I was going to set a full system scan running, but had 
to leave, and so charged [SAS] with starting the scan, which he then asked 
[EDO] to watch over until he left. When [EDO] left, he locked 
the computer. On monday morning [SAS] logged back in to find the virus 
report detailing a few thousand instanced of "RamNit-32", all of which 
were deleted. Avast then recommended scheduling a boot-time scan, and this was 
run for the remainder of the day, finding only a few issues, mainly 
corrupted .zips and java.

On monday, while the boot-time scan was running on Combtail, I checked to 
see if Catfish had any antivirus installed (the other Win7 machines were 
in use) and found that it too had an expired F-PROT installation. Avast! 
was installed and completed a full system scan at around the same time 
Combtail completed its boot-time scan, finding a single corrupted .zip and 
no other issues.

The installation of Avast! on both computers is a temporary measure as the 
free license will expire in just under a month.

If I understand correctly, wheel is required to nuke the machines, as is 
recommended.

Several wheel members were informed of the issues, though I did not think 
to email tech, so thank you [BOB] for reminding me.

Cheers all,
[GOZ]

On Tue, 29 May 2012, Andrew Adamson wrote:

>> Desktops
>> - Virus scans on Combtail and Catfish.
>> - [GOZ] "3000 instances of RamNet"
>> - No antivirus software until now.
>
> Nothing was sent to the list about this, so can whoever dealt with it
> please fill us in? Any machine with a virus should be nuked and completely
> reinstalled.
>
> UWA's fprot antivirus site licence has not been renewed as far as I know,
> so we will need to look at other options for antivirus. Until we decide
> otherwise, I think all the machines should have microsoft security
> essentials installed on them.
>
> Andrew Adamson
> bob at ucc.asn.au
>
> |"If you can't beat them, join them, and then beat them."                |
> | ---Peter's Laws                                                        |
>

More information about the tech mailing list