Hello All,

I am running a CentOS 4.6 file server for a small office network and I am getting a lot of strange webdav requests from one of the Windows workstations - I have not configured Webdav on the Windows host (hereafter "windows-laptop") in question.

Some details - I have configured a Samba share called (say) "share1" on the CentOS server and the windows-laptop connects to this share using CIFS, nothing unusual there. But, for some reason, windows-laptop also tried to access a Webdav folder by the same name ("share1") - lots of log entries such as the following (it seems to try every two minutes):

10.11.1.95 - - [14/Sep/2008:04:10:32 -0400] "OPTIONS / HTTP/1.1" 200 - "-" "Microsoft-WebDAV-MiniRedir/5.1.2600" 10.11.1.95 - - [14/Sep/2008:04:10:32 -0400] "PROPFIND /share1 HTTP/1.1" 405 312 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"

I have most assuredly not told windows to try and use a Web folder on the CentOS file server called "/share1", just the CIFS share.

My conclusions -

* Windows is trying to be clever and automatically map CIFS shares to a Web folder. * Malware is trying to access a Webfolder by same name as CIFS share.

Any hints from the list would be much appreciated!

Thanks,

Fred.