the "ins" and "outs" of McAfee with MailScanner
prandal at HEREFORDSHIRE.GOV.UK
Tue Feb 24 14:08:22 GMT 2004
I was wondering about the "daily" file too. You'd need to do some datestamp
checking to only use the dialy file if it was newer that the released .dat
file. A good idea, nonetheless.
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Denis Beauchemin
> Sent: 24 February 2004 14:06
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: the "ins" and "outs" of McAfee with MailScanner
> Le mar 24/02/2004 à 05:11, Tony Finch a écrit :
> > Chris Yuzik <chris at FRACTALWEB.COM> wrote:
> > >
> > >Although I'm quite familiar with ClamAV, I'm somewhat of a
> noob when it
> > >comes to McAfee. I have a few questions:
> > >1) How often does MailScanner check the NAI site for new
> DAT files? I
> > >couldn't seem to find anything on this.
> > That's up to your crontab.
> > >2) Is there a log file anywhere that I can look at to see
> when the DAT
> > >files are updated?
> > The autoupdate script by default says nothing when it does nothing,
> > and produces output when it makes an update, so normal cron
> > means you get an email when there's an update.
> > >3) I understand that there are DAT files, extra DAT files, and
> > >super-extra DAT files? Does MailScanner update these too?
> Or do I have
> > >to do these manually?
> > The only one of interest to us is the extra.dat files. Unfortunately
> > using them automatically doesn't seem to be particularly
> easy. It might
> > be possible to subscribe to NAI's notification email, pipe
> that into a
> > script which works out what's going on and if necessary goes to the
> > new virus's web page (whose URL is in the email) to find the link to
> > the extra.dat file. But I haven't written this script.
> > Tony.
> > --
> > f.a.n.finch <dot at dotat.at> http://dotat.at/
> > SHANNON ROCKALL MALIN: NORTH OR NORTHWEST 5 TO 7. RAIN THEN
> SHOWERS. MODERATE
> > OR GOOD.
> How about the daily DAT file? (see
> Do you think it could be automated in
> /usr/lib/MailScanner/mcafee-autoupdate ?
> I am beginning to feel quite nervous about permitting ZIP
> files through
> since Mydoom has caught us off guard (McAfee left us
> unprotected for the
> first 7 hours of the Mydoom strike)... Since then I
> installed manually
> 2 extra.dat (Netsky and Mydoom.f) but I feel uneasy about this manual
> process (I have to react quickly to every AVERT notification
> and I also
> have to remember to delete those extra.dat when they are no longer
> Denis Beauchemin, analyste
> Université de Sherbrooke, S.T.I.
> T: 819.821.8000x2252 F: 819.821.8045
More information about the MailScanner