E-mail scan with McAfee

Bruce Huang y.huang at UTORONTO.CA
Thu Nov 29 15:07:08 GMT 2001


Hi nick and all,

>Create a temporary directory. Create a subdirectory called "virusdir"
inside
>the temporary directory. Put a copy of an infected file (from quarantine)
>into "virusdir". Then cd to the tmp dir and run:
>"/usr/local/bin/mcafeewrapper --recursive --ignore-links --analyze --
secure ./virusdir"
>Then do an "ls -lR".
>Then run:
>"/usr/local/bin/mcafeewrapper --clean --recursive --ignore-links --
analyze --secure ./virusdir"
>and do an "ls -lR".
>
>Then send me/us the output. If you do "script
~/mcafee_output_for_mailscanner"
>first, and "exit" at the end, you'll just be able to send the typescript
>file.
Here is my ouput:

Script started on Thu Nov 29 09:26:32 2001
esker.geog# /usr/local/bin/mcafeewrapper --recursive --ignore-links --
analyze --secure ./virusdir
/tmp/test/virusdir/HONGKONG.DOC.pif
        Found the W32/SirCam at MM virus !!!
esker.geog# ls -lR
.:
total 16
-rw-r-----   1 root     daemon         0 Nov 29 09:26
mcafee_output_for_mailscanner
drwxr-x---   2 root     daemon        69 Nov 29 09:23 script
drwxr-x---   2 root     daemon       118 Nov 29 09:26 virusdir

./script:
total 0

./virusdir:
total 328
-rw-------   1 root     daemon    166905 Nov 29 09:26 HONGKONG.DOC.pif
esker.geog# /usr/local/bin/mcafeewrapper --clean --recursive --ignore --
links --analyze --secure ./virusdir
/tmp/test/virusdir/HONGKONG.DOC.pif
        Found the W32/SirCam at MM virus !!!
        The file has been deleted.
esker.geog# ls -lR
.:
total 16
-rw-r-----   1 root     daemon         0 Nov 29 09:26
mcafee_output_for_mailscanner
drwxr-x---   2 root     daemon        69 Nov 29 09:23 script
drwxr-x---   2 root     daemon        69 Nov 29 09:27 virusdir

./script:
total 0

./virusdir:
total 0
esker.geog# exit
script done on Thu Nov 29 09:27:27 2001

Thanks for any advise,

Bruce



More information about the MailScanner mailing list