the "ins" and "outs" of McAfee with MailScanner
Denis.Beauchemin at USHERBROOKE.CA
Tue Feb 24 14:06:04 GMT 2004
Le mar 24/02/2004 à 05:11, Tony Finch a écrit :
> Chris Yuzik <chris at FRACTALWEB.COM> wrote:
> >Although I'm quite familiar with ClamAV, I'm somewhat of a noob when it
> >comes to McAfee. I have a few questions:
> >1) How often does MailScanner check the NAI site for new DAT files? I
> >couldn't seem to find anything on this.
> That's up to your crontab.
> >2) Is there a log file anywhere that I can look at to see when the DAT
> >files are updated?
> The autoupdate script by default says nothing when it does nothing,
> and produces output when it makes an update, so normal cron behaviour
> means you get an email when there's an update.
> >3) I understand that there are DAT files, extra DAT files, and
> >super-extra DAT files? Does MailScanner update these too? Or do I have
> >to do these manually?
> The only one of interest to us is the extra.dat files. Unfortunately
> using them automatically doesn't seem to be particularly easy. It might
> be possible to subscribe to NAI's notification email, pipe that into a
> script which works out what's going on and if necessary goes to the
> new virus's web page (whose URL is in the email) to find the link to
> the extra.dat file. But I haven't written this script.
> f.a.n.finch <dot at dotat.at> http://dotat.at/
> SHANNON ROCKALL MALIN: NORTH OR NORTHWEST 5 TO 7. RAIN THEN SHOWERS. MODERATE
> OR GOOD.
How about the daily DAT file? (see http://vil.nai.com/vil/virus-4d.asp)
Do you think it could be automated in
I am beginning to feel quite nervous about permitting ZIP files through
since Mydoom has caught us off guard (McAfee left us unprotected for the
first 7 hours of the Mydoom strike)... Since then I installed manually
2 extra.dat (Netsky and Mydoom.f) but I feel uneasy about this manual
process (I have to react quickly to every AVERT notification and I also
have to remember to delete those extra.dat when they are no longer
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x2252 F: 819.821.8045
More information about the MailScanner