Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Anonymous_User Absent Member.
Absent Member.
493 views

Probable attachment issue

I got an email from my a/v software running on my GMS box about an
attachment file that is possibly infected, actually two files but I'm
wondering if it's the same attachment to two different people.

Anyway, these files are still in this location, in two different sub
folders:

/var/lib/datasync/mobility/attachments/

Is there an easy way to figure out whose account these are tied to and
cleaned up, aside from just deleting the files?

Running GMS 2.1 build 230 on sles11sp3.

--
Stevo
Labels (1)
0 Likes
6 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Probable attachment issue

Asd23,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your problem been resolved? If not, you might try one of the following options:

- Visit http://www.novell.com/support and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your Novell Forums Team
http://forums.novell.com


0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: Probable attachment issue

In article <%_Afx.1659$Yp6.817@novprvlin0913.provo.novell.com>, Stevo
wrote:
> I got an email from my a/v software running on my GMS box about an
> attachment file that is possibly infected, actually two files but I'm
> wondering if it's the same attachment to two different people.


I haven't been able to find any way currently. At least these files are
in their natural format (vs what is in offiles) so you can carefully
look at them locally with something like a hex reader, strings, or I
use Midnight Commander's view function. Then from the context you
might figure out the who, or possibly even the exact file name, then
you could use REVEAL to nail down the message.
I'd be very tempted to take those files to another AV to see what it
says about them.

This issue certainly suggests an enhancement request, so this is a good
time to use the new Ideas Portal
https://www.novell.com/products/enhancement-request.html




Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!

___
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
erichflynn Absent Member.
Absent Member.

Re: Probable attachment issue

We've had good success with this https://anubis.iseclab.org/, it analyzes the binary and you don't have to expose your systems scanning it.

We use our firewalls now with inline statefull inspection prior to entry to any of our hosts/networks.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Probable attachment issue

Stevo wrote:

> I got an email from my a/v software running on my GMS box about an
> attachment file that is possibly infected, actually two files but I'm
> wondering if it's the same attachment to two different people.
>
> Anyway, these files are still in this location, in two different sub
> folders:
>
> /var/lib/datasync/mobility/attachments/
>
> Is there an easy way to figure out whose account these are tied to and
> cleaned up, aside from just deleting the files?
>
> Running GMS 2.1 build 230 on sles11sp3.


If you're really interested in a dumpster dive to get the information
then look in the database.

IIRC In the mobility database there is an attachments table, I believe
that one of the columns has the name of the attachment that you see in
the directory.
The attachments will likely be linked to another table which will have
the relationship between the user id and the file id.

When I was looking at it a year or two ago the column names and tables
were pretty intuitive, so with some digging it shouldn't be too hard to
figure out the tables to link to.

Unfortunately I don't have mobility anymore so I can't tell you the
specific tables or columns.

If you're not confident navigating databases and tables then it would
be worth emailing the guys that wrote the dsapp script - it would be
pretty trivial to add an option to obtain the information.

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Probable attachment issue

Hi,

Novell have published a TID on this: https://www.novell.com/support/kb/doc.php?id=7016727

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Probable attachment issue

laurabuckley sounds like they 'said':

>
> Hi,
>
> Novell have published a TID on this:
> https://www.novell.com/support/kb/doc.php?id=7016727
>
> Cheers,


So my response to laurabuckley's comment is...

Thanks for the info!!

--
Stevo
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.