E-mail scan with McAfee
Bruce Huang
y.huang at UTORONTO.CA
Thu Nov 29 15:07:08 GMT 2001
Hi nick and all,
>Create a temporary directory. Create a subdirectory called "virusdir"
inside
>the temporary directory. Put a copy of an infected file (from quarantine)
>into "virusdir". Then cd to the tmp dir and run:
>"/usr/local/bin/mcafeewrapper --recursive --ignore-links --analyze --
secure ./virusdir"
>Then do an "ls -lR".
>Then run:
>"/usr/local/bin/mcafeewrapper --clean --recursive --ignore-links --
analyze --secure ./virusdir"
>and do an "ls -lR".
>
>Then send me/us the output. If you do "script
~/mcafee_output_for_mailscanner"
>first, and "exit" at the end, you'll just be able to send the typescript
>file.
Here is my ouput:
Script started on Thu Nov 29 09:26:32 2001
esker.geog# /usr/local/bin/mcafeewrapper --recursive --ignore-links --
analyze --secure ./virusdir
/tmp/test/virusdir/HONGKONG.DOC.pif
Found the W32/SirCam at MM virus !!!
esker.geog# ls -lR
.:
total 16
-rw-r----- 1 root daemon 0 Nov 29 09:26
mcafee_output_for_mailscanner
drwxr-x--- 2 root daemon 69 Nov 29 09:23 script
drwxr-x--- 2 root daemon 118 Nov 29 09:26 virusdir
./script:
total 0
./virusdir:
total 328
-rw------- 1 root daemon 166905 Nov 29 09:26 HONGKONG.DOC.pif
esker.geog# /usr/local/bin/mcafeewrapper --clean --recursive --ignore --
links --analyze --secure ./virusdir
/tmp/test/virusdir/HONGKONG.DOC.pif
Found the W32/SirCam at MM virus !!!
The file has been deleted.
esker.geog# ls -lR
.:
total 16
-rw-r----- 1 root daemon 0 Nov 29 09:26
mcafee_output_for_mailscanner
drwxr-x--- 2 root daemon 69 Nov 29 09:23 script
drwxr-x--- 2 root daemon 69 Nov 29 09:27 virusdir
./script:
total 0
./virusdir:
total 0
esker.geog# exit
script done on Thu Nov 29 09:27:27 2001
Thanks for any advise,
Bruce
More information about the MailScanner
mailing list