Sophos Not Retrieving new ide's
Julian Field
mailscanner at ecs.soton.ac.uk
Fri Feb 28 14:42:00 GMT 2003
Have you got a
/usr/lib/MailScanner/sophos-wrapper.rpmnew
file?
If so, please
cd /usr/lib/MailScanner
mv sophos-wrapper.rpmnew sophos-wrapper
For some reason your current sophos-wrapper isn't the version that handles
the "-IsItInstalled" command-line switch. I mentioned this on the downloads
page, and there's even a little script there to do all the relevant
renaming for you.
At 14:23 28/02/2003, you wrote:
>My Cron log shows the following entry every hour.
>This seems to be the only entry referring to cron.hourly.
>
>*******start of cron entry*********
>Feb 28 09:01:00 ctmail CROND[1498]: (root) CMD (run-parts /etc/cron.hourly)
>*******end of cron entry**********
>
>I looked in /etc/cron.hourly and there are 2 scripts:
>*check_mailscanner
>*update_virus_scanners
>
>I also get an email from the Cron Daemon every hour which is pasted below.
>I appologize for the large post guys.
>
>Again, the ide's are now up to date as I had run the autoupdate script
>manually this morning.
>
>
>*********start of pasted email**********
>
>/etc/cron.hourly/update_virus_scanners:
>
>SWEEP virus detection utility
>Version 3.66, February 2003 [Linux/Intel]
>Includes detection for 79566 viruses, trojans and worms
>Copyright (c) 1989,2003 Sophos Plc, <http://www.sophos.com>www.sophos.com
>
>System time 09:01:01, System date 28 February 2003
>Command line qualifiers are: -IsItInstalled
>
>IDE directory is: /usr/local/Sophos/ide
>
>Using IDE file van-a.ide
>Using IDE file aro-a.ide
>Using IDE file lovgated.ide
>Using IDE file oror-r.ide
>Using IDE file ekiam-a.ide
>Using IDE file lovgatea.ide
>Using IDE file lovgateb.ide
>Using IDE file gibe-d.ide
>Using IDE file axam-a.ide
>Using IDE file cian-c.ide
>Using IDE file igloo15.ide
>Using IDE file tkbot-a.ide
>Using IDE file seeker-c.ide
>Using IDE file dload-bo.ide
>Using IDE file manife-a.ide
>Using IDE file slanreta.ide
>Using IDE file sadhound.ide
>Using IDE file netspree.ide
>Using IDE file opaservl.ide
>Using IDE file ororfam.ide
>Using IDE file sahay-a.ide
>Using IDE file oror-l.ide
>Using IDE file opaservj.ide
>Using IDE file moon-b.ide
>Using IDE file replog-f.ide
>Using IDE file sobig-a.ide
>Using IDE file avril-b.ide
>
>Invalid option '-IsItInstalled'
>
>The following options may be prefixed with 'n' to invert their meaning
>(for example, '-nsc' is the inverse of '-sc'). [*] indicates the option
>is the default:
>
> -sc [*] : SWEEP inside dynamically compressed executables
> -f [ ] : Full SWEEP
> -di [ ] : Disinfect infected items
> -s [*] : Run silently (do not list files swept)
> -c [*] : Ask for confirmation before disinfection/deletion
> -b [*] : Sound bell on virus detection
> -all [ ] : SWEEP all files
> -rec [*] : Do recursive SWEEP
> -remove [ ] : Remove infected objects
> -dn [ ] : Display names of files as they are scanned
> -ss [ ] : Don't display anything except on error or virus
> -eec [ ] : Use extended error codes
> -ext=XXX,.. : Specify additional extensions to SWEEP
> -p=<file> : Write to logfile <file>
> -v : Display complete version information and exit
> -h : Display this help and exit
>
>The following options are related to archives and other special file types:
>
> -zip [ ] : SWEEP inside ZIP archives
> -gzip [ ] : SWEEP inside GZIP compressed files
> -arj [ ] : SWEEP inside ARJ archives
> -cmz [ ] : SWEEP inside Unix-compressed files
> -tar [ ] : SWEEP inside TAR archives
> -rar [ ] : SWEEP inside RAR archives
> -cab [ ] : SWEEP inside Microsoft Cabinet files
> -archive [ ] : All of the above
> -loopback [ ] : SWEEP inside loopback-type files
> -tnef [ ] : SWEEP inside TNEF files
>
>The following options may be prefixed with 'no-' to invert their meaning
>(for example, '--no-reset-atime' is the inverse of '--reset-atime'. [*]
>indicates the option is the default:
>
> --reset-atime [*] : Reset file access time after SWEEPing
>
>The following options are Unix-specific, and may be prefixed with 'no-'
>to invert their meaning (for example, '--no-follow-symlinks' is the
>inverse of '--follow-symlinks'). [*] indicates the option is the default:
>
> --follow-symlinks [*] : SWEEP the object pointed to by symbolic links
> --stay-on-filesystem [ ] : Attempt not to leave the starting filesystem
> (i.e. do not traverse mount points)
> --stay-on-machine [*] : Attempt not to leave the starting machine
> (i.e. do not traverse remote mount points)
> --skip-special [*] : Do not scan 'special' objects (/dev, /proc,
> /devices etc.)
> --backtrack-protection [*] : Prevent repetition of work ('backtracking')
> due to symbolic links
> --preserve-backtrack [*] : Preserve the backtracking information for
> the duration of this run
> --examine-x-bit [ ] : Check files with an execute bit set
> --show-file-details [ ] : Show file ownership and permissions when
> displaying filenames
> --quarantine [ ] : (Simple form of --quarantine option)
> If file is infected with virus, attempt to
> change file owner to user running SWEEP, and
> permissions to -r-------- (0400)
>
> --quarantine:<uid=nnn>,<user=username>,
> <gid=nnn>,<group=groupname>,<mode=ppp>
> [ ] : (Detailed form of --quarantine option)
> If file is infected with virus, attempt to
> change file ownership, group ownership, and
> permissions to those specified as
> uid/username, gid/groupname, and mode.
>
> --args-file=<file> : Read command line arguments (both options and
> directory/filenames) from file, taking
> arguments from the command line again when
> the end of the file is reached. A value of -
> for <file> specifies taking input from stdin.
> A small number of command line options may
> not be used within an args file, namely:-
> -eec, -neec, -p=, -s, -ns, -dn, -ndn.
> These can only be specified from the command
> line.
>
>The following options are specific to Linux and FreeBSD only.
>
> -mbr [ ] : SWEEP master boot records on all (physical) hard disks
> -bs=X,... [ ] : SWEEP boot sector of each drive listed
> -bs [ ] : SWEEP boot sectors on all (logical) drives
>
>You need to have superuser rights in order to scan boot sectors.
>
>********end of pasted email**********
>
>Steve Evans wrote:
>>
>>
>>What do your logs tell you? Does it show the Sophos update script being
>>run at all?
>>
>>Steve Evans
>>SDSU Foundation
>>(619) 594-0653
>>
>>-----Original Message-----
>>From: Ryan Pitt [<mailto:ryan at MARINOCRANE.COM>mailto:ryan at MARINOCRANE.COM]
>>Sent: Friday, February 28, 2003 5:43 AM
>>To: <mailto:MAILSCANNER at JISCMAIL.AC.UK>MAILSCANNER at JISCMAIL.AC.UK
>>
>>The autoupdate feature for Sophos does not seem to be working for me.
>>It appears to me that the sophos-autoupdate script is not being run at
>>any specific interval.
>>I updated MailScanner and Sophos 3 days ago. The ide's had not been
>>updated for those 3 days until I ran the autoupdate script manually this
>>morning.
>>
>>Please could someone tell me where this script is supposed to be called
>>from and what to look for?
>>
>>My setup is:
>>RH 7.2
>>Sendmail
>>MailScanner 4.12-2
>>Sophos 3.66
>>
>>Thank you
>>Ryan Pitt
>>
>
>---
>This message has been scanned for viruses and dangerous content by
>MailScanner,
>and is believed to be clean.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030228/2f1996aa/attachment.html
More information about the MailScanner
mailing list