<div dir="ltr"><div>Checksums won't help unless you had a checksum from before the infection to compare against. Could use checksums from a known-good server to compare against.<br><br></div>The "file" command looks for bytes that indicate what the target file is. You could compare file extensions against what "file" thinks it is.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 24, 2014 at 10:32 AM, Chris Baty <span dir="ltr"><<a href="mailto:batymahn@gmail.com" target="_blank">batymahn@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi guys,<div>So our Windows Server 2003 file server got a CryptoWall virus so we are screwed - any random thoughts appreciated. Being a Linux guy, I happened to install Cygwin and used rsync to my linux box for hourly backups. I was curious if there's any way to use something like md5sum to detect whether a file has been corrupted//encrypted or not before rsync copies a file?</div><div><br></div><div>Thanks.</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>Chris</div></font></span></div>
<br>_______________________________________________<br>
washlug mailing list<br>
<a href="mailto:washlug@washlug.org">washlug@washlug.org</a><br>
<a href="http://linux.marcdatabase.com/mailman/listinfo/washlug" target="_blank">http://linux.marcdatabase.com/mailman/listinfo/washlug</a><br>
<br></blockquote></div><br></div>