the "ins" and "outs" of McAfee with MailScanner

Denis Beauchemin Denis.Beauchemin at USHERBROOKE.CA
Tue Feb 24 14:06:04 GMT 2004


On Tue 24/02/2004 at 05:11, Tony Finch wrote:
> Chris Yuzik <chris at FRACTALWEB.COM> wrote:
> >
> >Although I'm quite familiar with ClamAV, I'm somewhat of a noob when it
> >comes to McAfee. I have a few questions:
> >1) How often does MailScanner check the NAI site for new DAT files? I
> >couldn't seem to find anything on this.
> 
> That's up to your crontab.
> 
> >2) Is there a log file anywhere that I can look at to see when the DAT
> >files are updated?
> 
> The autoupdate script by default says nothing when it does nothing,
> and produces output when it makes an update, so normal cron behaviour
> means you get an email when there's an update.
> 
> >3) I understand that there are DAT files, extra DAT files, and
> >super-extra DAT files? Does MailScanner update these too? Or do I have
> >to do these manually?
> 
> The only one of interest to us is the extra.dat files. Unfortunately
> using them automatically doesn't seem to be particularly easy. It might
> be possible to subscribe to NAI's notification email, pipe that into a
> script which works out what's going on and if necessary goes to the
> new virus's web page (whose URL is in the email) to find the link to
> the extra.dat file. But I haven't written this script.
> 
> Tony.
> --
> f.a.n.finch  <dot at dotat.at>  http://dotat.at/
> SHANNON ROCKALL MALIN: NORTH OR NORTHWEST 5 TO 7. RAIN THEN SHOWERS. MODERATE
> OR GOOD.

Tony,

How about the daily DAT file? (see http://vil.nai.com/vil/virus-4d.asp)

Do you think it could be automated in
/usr/lib/MailScanner/mcafee-autoupdate ?

I am beginning to feel quite nervous about permitting ZIP files through
since Mydoom has caught us off guard (McAfee left us unprotected for the
first 7 hours of the Mydoom strike)...  Since then I installed manually
2 extra.dat (Netsky and Mydoom.f) but I feel uneasy about this manual
process (I have to react quickly to every AVERT notification and I also
have to remember to delete those extra.dat when they are no longer
needed).

Denis
-- 
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x2252 F: 819.821.8045
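
Added example, not part of the original thread or of MailScanner's own scripts: a cron-style check for the forgotten extra.dat problem described in the message above. It prints nothing when there is nothing to report, so cron only sends mail when action is needed. The DAT directory argument, the 14-day default and the `scan.dat` name for the regular DAT file are assumptions.

```shell
#!/bin/sh
# Added example: reminder for a manually installed extra.dat.
# Usage (from cron): check_extra_dat.sh <dat-directory> [max-age-days]
# Assumptions: the directory is supplied by the admin, and the regular
# DAT set contains a file named scan.dat.

check_extra_dat() {
    dat_dir=$1
    max_days=${2:-14}
    extra="$dat_dir/extra.dat"
    main="$dat_dir/scan.dat"

    # No extra.dat installed: stay silent so cron sends no mail.
    [ -f "$extra" ] || return 0

    # The regular DAT was updated after extra.dat was dropped in. It may
    # now cover the same virus, which only the admin can confirm.
    if [ -f "$main" ] && [ -n "$(find "$main" -newer "$extra" -print)" ]; then
        echo "extra.dat predates scan.dat in $dat_dir: check whether the regular DAT now covers it"
    fi

    # Independent of DAT updates: flag an extra.dat left in place too long.
    if [ -n "$(find "$extra" -mtime +"$max_days" -print)" ]; then
        echo "extra.dat in $dat_dir is older than $max_days days: review or remove it"
    fi
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    check_extra_dat "$@"
fi
```

The script only reports; deleting extra.dat stays a manual decision, because file timestamps cannot show whether the regular DAT actually detects the virus in question.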



