Zip files not getting checked?

Julian Field mailscanner at ecs.soton.ac.uk
Sat Aug 2 17:54:48 IST 2003


I haven't had a chance to see his script yet, but I basically know how it
will work.

Anyone fancy writing instructions for each MTA detailing how you go about
installing it? I would happily add it to the distribution as it's a very
useful tool for Sophos customers.

Be warned that I will probably re-write the script in my own style, but
analyse his code carefully to make sure I don't miss any tricks he is doing.

As people using this will be using it instead of the hourly global updater,
it needs to be absolutely right and tolerant of all sorts of changes that
Sophos might choose to make to the format of the email message they send
out. The last thing you want is for Sophos to re-write their standard email
message and everyone's updates to stop working completely. It needs to (a)
be very tolerant of lousy input, and (b) capable of noticing it hasn't had
an update in a few days and start screaming very loudly about it.

The only difficulty with it will be producing the installation instructions
for it, as a lot of MailScanner admins don't really know enough to be able
to use something like this without quite a bit of help.

But I definitely like the idea!

Quoting Mike Kercher <mike at CAMAROSS.NET>:
> Gotcha.  I just installed your script on one of my mail servers to see how
> it does.  I too had MiMail slip through yesterday before I got the
> notification from Sophos.  Luckily, (if I read the advisory correctly)
> MiMail exploits a vulnerability in Windows which M$ has a patch for.  I keep
> all of my Windows boxes updated as much as I can.
>
> Mike
>
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Steve Thomas
> Sent: Saturday, August 02, 2003 12:58 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Zip files not getting checked?
>
>
> On Sat, Aug 02, 2003 at 12:42:12AM -0500, Mike Kercher is rumored to have
> said:
> >
> > What does your script do differently than the update_virus_scanners
> > script?
> >
>
> I wrote that long before I was using MS, or I probably wouldn't have
> bothered. I don't use the update_virus_scanners script, so I'm not sure
> *exactly* what it does, but my understanding is that it runs (via cron?)
> periodically, and pulls down the entire zip file of IDEs. My script pulls
> just the single IDE as soon as the notification e-mail comes in. No wasted
> hits against the Sophos server, no wasted bandwidth (not like it's a lot)
> and no letting viruses through while you're asleep and the
> update_virus_scanners script is waiting for its next run. Today was a good
> example - one copy of the virus got through before the new IDE was in place
> and two more were caught within minutes after it was installed.
>
> --
> "I've just learned about his illness. Let's hope it's nothing trivial."
> - Irvin S. Cobb
>
>


--
Jules
jkf at ecs.soton.ac.uk
mailscanner at ecs.soton.ac.uk
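
The two requirements in the message above, (a) tolerance of changes to the notification format and (b) an alarm when no update has arrived for a few days, sketched as an added example; it is not Steve Thomas's script or MailScanner code. The `.ide` name pattern, the three-day threshold and the sample messages are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string

# Assumption: an identity file is named <name>.ide. The character class has no
# '/', '\\' or '.', so a match is always a bare file name; the download location
# must come from local configuration, never from the (spoofable) e-mail.
IDE_RE = re.compile(r"(?<![A-Za-z0-9_\-])([A-Za-z0-9][A-Za-z0-9_\-]{0,40}\.ide)\b", re.I)
MAX_AGE = timedelta(days=3)  # assumed meaning of "a few days"

# Constructed sample messages: the same announcement in two different layouts.
SAMPLE_OLD_FORMAT = ("From: alerts@vendor.example\nSubject: New virus identity\n\n"
                     "Identity file: example-a.ide\n")
SAMPLE_NEW_FORMAT = "Subject: [alert] EXAMPLE-B.IDE released\n\n<p>See the advisory.</p>\n"

def extract_ide_names(raw_message):
    """Return unique IDE names found anywhere in the subject or any text part."""
    msg = message_from_string(raw_message)
    chunks = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode("utf-8", errors="replace"))
    names = []
    for name in IDE_RE.findall("\n".join(chunks)):
        name = name.lower()
        if name not in names:
            names.append(name)
    return names

def is_stale(last_update, now, max_age=MAX_AGE):
    """True when no IDE has been installed for longer than max_age (or ever)."""
    return last_update is None or now - last_update > max_age

def plan_update(raw_message, last_update, now):
    """Return (names_to_fetch, raise_alarm) for one incoming notification."""
    names = extract_ide_names(raw_message)
    # An unparseable message must not reset the clock: the alarm depends only
    # on the last successful install, so a silent format change still gets noticed.
    return names, (not names and is_stale(last_update, now))

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(plan_update(SAMPLE_OLD_FORMAT, now - timedelta(hours=2), now))
    print(plan_update("Subject: hello\n\nnothing useful", now - timedelta(days=5), now))
```

`is_stale` should also run from cron on its own, since a notification that never arrives triggers no parsing at all.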