mcafee & bugbear.b
Mariano Absatz
mailscanner at LISTS.COM.AR
Fri Jun 6 15:41:06 IST 2003
Steve,
Current dat is 4270... my servers got 4268 on June 1st at about 21:45 UTC,
4269 on June 4th at about 18:45 UTC and 4270 yesterday (June 5th at about
16:45 UTC).
You should configure a cron job for mcaffee-autoupdate to run frequently... I
have it configured to run every hour.
BTW, Tony, I understand you mantain mcafee-autoupdate, is that right? I sent
a patch a while ago adding a little more verbosity to the "-v" mode, did you
see it?
If I do a similar modification to the current (from MS 4.21) version would
you incorporate it? It is only cosmetic, but as I prefer to log the script
activity (via a plain ">>" in the crontab file), I like having a couple of
timestamps available. If you prefer I could add an extra command line option
for this to be turned on, I only tried to be minimalistic with the
modifications.
Thanx.
El 6 Jun 2003 a las 9:22, Steve Douglas escribió:
> I haven't installed the latest post (270). My serer has Dat Verison: 4267,
> Engin Version, 4.2.40 and it detected and smoked the bugbear using
> heuristics presumably.
I think bugbear uses double extensions (.doc.pif, etc) that MailScanner's
standard filename rules prohibit, as well as the extensions themselves (.pif,
.scr, etc.).
>
> SD
> :-)
>
>
> > -----Original Message-----
> > From: Steve Freegard [mailto:steve.freegard at LBSLTD.CO.UK]
> > Sent: Friday, June 06, 2003 5:17 AM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: mcafee & bugbear.b
> >
> > Hi all,
> >
> > Further to this - it looks like Sophos updated their IDE definitions for
> > Bugbear-B just before the 11am this morning, luckily in time for my
> > sophos-autoupdate run to catch it.
> >
> > I also sent Sophos a load of attachments this morning that were stopped by
> > the MailScanner filename rules that were not detected as viruses by SAVI.
> >
> > Regards,
> > Steve.
> >
> > --
> > Steve Freegard
> > Systems Manager
> > Littlehampton Book Services Ltd.
> >
> >
> > -----Original Message-----
> > From: Spicer, Kevin [mailto:Kevin.Spicer at BMRB.CO.UK]
> > Sent: 06 June 2003 11:08
> > To: MAILSCANNER at JISCMAIL.AC.UK
> >
> > > Hi,
> > >
> > > We are using McAfee and have noticed the same thing. Perhaps
> > > it is a new
> > > variant? However, I did have a quick look on a couple of anti-virus
> > > companies sites and there does not seem to be any information about a
> > > new variant.
> > >
> >
> > Perhaps you should send the suspect files to your AV vendor for analysis?
> >
> >
> >
> > BMRB International
> > http://www.bmrb.co.uk
> > +44 (0)20 8566 5000
> > _________________________________________________________________
> > This message (and any attachment) is intended only for the
> > recipient and may contain confidential and/or privileged
> > material. If you have received this in error, please contact the
> > sender and delete this message immediately. Disclosure, copying
> > or other action taken in respect of this email or in
> > reliance on it is prohibited. BMRB International Limited
> > accepts no liability in relation to any personal emails, or
> > content of any email which does not directly relate to our
> > business.
> >
> > --
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to whom they
> > are addressed. If you have received this email in error please notify
> > the sender and delete the message from your mailbox.
> >
> > This footnote also confirms that this email message has been swept by
> > MailScanner (www.mailscanner.info) for the presence of computer viruses.
--
Mariano Absatz
El Baby
----------------------------------------------------------
CChheecckk yyoouurr dduupplleexx sswwiittcchh!!
More information about the MailScanner
mailing list