Sobig-E and McAfee uvscan - intermittent failure to find Sobig-E

Quentin Campbell Q.G.Campbell at NEWCASTLE.AC.UK
Mon Jun 30 15:00:56 IST 2003


> -----Original Message-----
> From: Denis Beauchemin [mailto:Denis.Beauchemin at USHERBROOKE.CA] 
> Sent: 27 June 2003 18:28
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Sobig-E and McAfee uvscan
> 
> 
> Quentin,
> 
> I believe you have to upgrade the engine.  Mine gets the Sobig.e just
> fine:
> $ uvscan --version
> Virus Scan for Linux v4.24.0
> Copyright (c) 1992-2003 Networks Associates Technology Inc. 
> All rights reserved.
> (408) 988-3832  LICENSED COPY - Jan 27 2003
> 
> Scan engine v4.2.40 for Linux.
> Virus data file v4273 created Jun 25 2003
> Scanning for 75257 viruses, trojans and variants.
> 
Denis

Thanks. The NAI site said that 4.1.60 should detect Sobig-E OK with the
latest DAT file but it didn't. Have installed the latest engine and all
is well ALMOST!

Was monitoring the filtering of viruses on the upgraded machine. Both
McAfee and Sophos were finding Sobig-E OK. 

Then McAfee failed to find Sobig-E on the next message (file is
"your_details.zip/details.pif") although Sophos found the virus OK. The
next couple of messages showed both scanners working OK again then
McAfee failed once more to find Sobig-E in a message (same file as
above).

I was doing nothing to the machine at the time and the "auto-update"
script did not run. 

This behaviour is both perplexing and worrying.

Quentin
---
PHONE: +44 191 222 8209    Computing Service, University of Newcastle
FAX:   +44 191 222 8765    Newcastle upon Tyne, United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own." 



