[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
On Tue, Jul 19, 2005 at 04:54:10PM -0700, Bob wrote:
> I'm running tor 0.1.0.11 win32 as an exit server. I came home
> after a meeting today, and found a virus warning for the Trojan.phel
> virus in my temp directory.
So just so I understand correctly, you run a program (virus checker)
that intercepts all network traffic and looks for bad stuff? When it
finds the bad stuff, it saves it to a file somewhere?
Is there any indication that you were actually infected? Or are you just
wondering about why an infected file passed through your network?
> A side-effect of my virus program is that it also logs all port 80
> exits from my tor server, and it had the following entries:
Please note that this may be bad for the security of Tor and
its users. Plus, there may be legal liability questions here; see
I'm working with the EFF lawyers to see if they can provide a more
detailed answer to this question, even though the laws in the US are
currently very ambiguous.
> Which coincides with the infection times, and is also a time when
> both my kids were at work, and I was not home. Assuming that I do
> not have some other backdoor program (several different AV products
> say this system is clean), and I did not have a physical break-in at
> this computer (I hope I can assume this), I have to conclude that it
> was a result of the tor server serving the pages through this system.
Sure. Is this a problem? We expect all users to have ways on their own
of dealing with viruses, for example by not running software that is
vulnerable to them.
> Is there a way to verify this (i.e., force another machine to use my
> tor server as the exit server and see what happens when I hit this
Hope this helps,