Klez.H

Robert A. Thompson ucs_rat at SHSU.EDU
Fri May 31 19:54:02 IST 2002


I have not bought a new version of mcafee in a while but the one I use
installs by default into a directory named uvscan and puts the dat files
in the same folder.  This has caused me problems several times with the
rpm install of mailscanner, and I always have to remember to go fix the
mcafeewrapper.

I've thought about creating a source rpm for mailscanner that builds a
more "truly" binary set of rpm's (as opposed to the script based rpm
that builds the perl modules and etc on install now) that just drops the
files in the correct location and then tries to dynamically generate a
more proper config; however, I'm not sure if this would be of any use to
anyone.  Or if this would be too specialized for one platform (and
rejected on that basis).

--robert

  On Fri, 2002-05-31 at 13:53, Thom Paine wrote:
> Sorry to get hasty. I may have found a config problem with my
> mcafeewrapper script.
>
> I don't have the dat files in /usr/local/mcafee/dat. They reside with
> the mcafeewrapper and uvscan file. I corrected the mcafee wrapper script
> and did a test run and it picked it up no problem.
>
> Should maybe get mailscanner to default the dats to be with the wrapper.
> That may make an out of the box install go better.
>
>
> On Fri, 2002-05-31 at 14:38, Robert A. Thompson wrote:
> > Below is the version of uvscan I use and I'm picking up between 5 and 10
> > thousand a day.... this doesn't mean some are not slipping through, but
> > I'm not hearing about them.  We did see when klez first came out uvscan
> > was letting a lot through, but when we started testing the virus on a
> > quarantined network we discovered they were broken copies of the virus.
> > However, this was corrected on the next dat release.  Some scanners
> > (generally dependent on the version) would pick up the broken copy and
> > some wouldn't.  However, the broken virus would not run when you tried
> > to execute it.
> >
> > --robert
> >
> > ./uvscan --version
> > Virus Scan for Linux v4.14.0
> > Copyright (c) 1992-2001 Networks Associates Technology Inc. All rights
> > reserved.
> > (408) 988-3832  LICENSED COPY - Jan 18 2001
> >
> > Scan engine v4.1.40 for Linux.
> > Virus data file v4205 created May 29 2002
> > Scanning for 60684 viruses, trojans and variants.
> >
> >
> >
> >
> > On Fri, 2002-05-31 at 11:10, Thom Paine wrote:
> > > I just received a phone call from a site running mailscanner and
> > > apparently a klez.h virus got through to a workstation. It was picked up
> > > there by PC Cillin and halted.
> > >
> > > The site is running mailscanner with Mcafee 4.1.6 and just autoupdated
> > > the defs yesterday to 4205.
> > >
> > > Anyone else experience something similar?
> > >
> > > --
> > > -=/>Thom
> > > Red Hat Linux release 7.3 (Valhalla) running Linux Kernel 2.4.18-4
> > > Uptime:  12:08pm  up 8 days, 18:31,  2 users,  load average: 1.31, 1.28,
> > > 1.33
> > > Registered Linux User 214499
> --
> -=/>Thom
> Red Hat Linux release 7.3 (Valhalla) running Linux Kernel 2.4.18-4
> Uptime:   2:51pm  up 8 days, 21:14,  2 users,  load average: 1.13, 1.14,
> 1.14
> Registered Linux User 214499


