Citrix and Viruses

shrubble

MIS
Jul 23, 2003
300
US
If an ICA user opens an email attachment with a virus payload through a Citrix terminal, what exactly does the virus affect? For instance, does it affect the entire server machine (and therefore all users on that farm), is it sandboxed into just that user's login somehow, or does the virus "just not work" because a user has a limited account?

If a Citrix connection is mapped into the local drives of a remote user's PC, can a virus opened in Outlook (for example) through the Citrix terminal then spread to that PC because of that mapping?

"I would rather have a free bottle in front of me, than a pre-frontal lobotomy..."

-Shrubble
 
Hi,

How it works and what it does depends on the virus, but basically it would affect your server.

If you want to almost guarantee not to be infected, run an AV package on your Citrix server and you could look at one of the Appsense packages that stops users running any application that hasn't been configured.

Cheers,
Carl.
 
Well that's the weird thing.

We've got pretty strong antivirus on our Citrix box, but one of our users opened what I know to be an infected attachment (there was a small gap between when the virus came out and when the AV signature hit us). After researching the virus and looking for traces of what it does (the registry, created files, all that stuff), the server came back clean. The user himself connects through a winterm, so there's nothing on his end to really mess up. I dunno, it just made me wonder what did happen when he opened the attachment.

Thanks

"I would rather have a free bottle in front of me, than a pre-frontal lobotomy..."

-Shrubble
 
You should limit what file types your users can access via email, i.e. restrict users from getting emails that contain any kind of program or script. Most SMTP antivirus programs can do this, and so can Outlook.

If the server is locked down so the user doesn't have sufficient permission to write to directories outside of their user profile, the server should be unharmed, as they won't be able to install new services or delete files from the system directories.





Patrick Rouse
Microsoft MVP - Terminal Server
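
One way to check the lock-down described in the post above, as an added example that is not part of the original thread: a PowerShell audit that lists ACL entries granting ordinary users write-type rights on system locations. The path list, the set of well-known SIDs treated as "ordinary users", and the function name `Get-UserWritableAce` are assumptions made for this example.

```powershell
# Added example: lists ACL entries that let ordinary users write to system locations.
# Assumption: the paths below are the ones to audit; adjust for your server build.
$pathsToCheck = @("$env:SystemDrive\", $env:SystemRoot,
                  (Join-Path $env:SystemRoot 'System32'), $env:ProgramFiles)

# Well-known SIDs that a limited ICA/RDP user's token normally carries.
$userSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-13'     = 'TERMINAL SERVER USER'
}

# Specific rights that allow creating, changing or deleting content, or re-ACLing.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Generic bits (GENERIC_WRITE, GENERIC_ALL) can appear unmapped on inherit-only ACEs.
$genericMask = 0x40000000 -bor 0x10000000

function Get-UserWritableAce {
    param([string[]]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $acl = Get-Acl -LiteralPath $p
        # Ask for SIDs rather than account names so the check works on any locale.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid = $ace.IdentityReference.Value
            if ($ace.AccessControlType -ne 'Allow' -or -not $userSids.ContainsKey($sid)) { continue }
            $raw = [int]$ace.FileSystemRights
            if (($raw -band $writeMask) -or ($raw -band $genericMask)) {
                [pscustomobject]@{
                    Path        = $p
                    Principal   = $userSids[$sid]
                    Rights      = $ace.FileSystemRights
                    Inherited   = $ace.IsInherited
                    # InheritOnly ACEs apply to children of the folder, not the folder itself.
                    InheritOnly = (([int]$ace.PropagationFlags) -band 2) -ne 0
                }
            }
        }
    }
}

Get-UserWritableAce -Path $pathsToCheck | Format-Table -AutoSize
```

An empty result means none of the listed groups holds a write-type right on those folders; it does not cover rights granted through custom domain groups, which would need their SIDs added to `$userSids`.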
 