the "ins" and "outs" of McAfee with MailScanner

Tony Finch dot at DOTAT.AT
Tue Feb 24 14:24:16 GMT 2004 

Denis Beauchemin <Denis.Beauchemin at USHERBROOKE.CA> wrote:
>
>How about the daily DAT file? (see http://vil.nai.com/vil/virus-4d.asp)

I don't use them because there appear to be some QA concerns.

>since Mydoom has caught us off guard (McAfee left us unprotected for the
>first 7 hours of the Mydoom strike)...  Since then I installed manually
>2 extra.dat (Netsky and Mydoom.f) but I feel uneasy about this manual
>process (I have to react quickly to every AVERT notification and I also
>have to remember to delete those extra.dat when they are no longer
>needed).

My current setup looks like this:

lrwxrwxrwx    1 root     root           26 Aug  6  2003 clean.dat -> datfiles/current/clean.dat
drwxr-xr-x    3 system   system       4096 Feb 24 14:10 datfiles/
-rw-r--r--    1 root     root       466306 Aug  6  2003 e4240upg.pdf
lrwxrwxrwx    1 root     root           26 Feb 17 14:07 extra.dat -> datfiles/current/extra.dat
lrwxrwxrwx    1 root     root           29 Aug  6  2003 internet.dat -> datfiles/current/internet.dat
-rw-r--r--    1 root     root      2645568 May 22  2003 libbsdfv.so.4
-rw-r--r--    1 root     root      2593332 Aug  6  2003 liblnxfv.so.4
-rw-r--r--    1 root     root         1056 Aug  6  2003 license.dat
-rw-r--r--    1 root     root        37721 Aug  6  2003 messages.dat
-rwxr-xr-x    1 root     root          246 May 22  2003 mklinks*
lrwxrwxrwx    1 root     root           26 Aug  6  2003 names.dat -> datfiles/current/names.dat
lrwxrwxrwx    1 root     root           25 Aug  6  2003 scan.dat -> datfiles/current/scan.dat
-rwxr-xr-x    1 root     root       126711 Aug  6  2003 uvscan*
-rwxr-xr-x    1 root     root         4224 Aug 22  2003 uvscan-update*
-rw-r--r--    1 root     root        13385 Aug  6  2003 uvscan.1

The extra.dat symlink usually points to a missing file, which
uvscan is quite happy with. I just drop the extra.dat file into
/opt/uvscan/datfiles/current/ and it is automatically deleted
when the next proper dat file update occurs.

You can set this up manually, or you can apply the following patch
to uvscan-update, stop MailScanner, blow away your datfiles directory,
run uvscan-update, and then restart MailScanner.

--- uvscan-update       23 Sep 2003 14:52:53 -0000      1.39
+++ uvscan-update       24 Feb 2004 14:21:39 -0000
@@ -221,7 +221,7 @@

 # do remaining part of initial setup
 case $INIT in
-yes)   for file in *.dat
+yes)   for file in *.dat extra.dat
        do
                run rm -f $PREFIX/$file
                run ln -s $SUBDIR/$file $PREFIX/$file


Tony.
--
f.a.n.finch  <dot at dotat.at>  http://dotat.at/
BISCAY: EASTERLY OR NORTHEASTERLY 5 TO 7, BECOMING VARIABLE 4 FOR A TIME IN
NORTH. OCCASIONAL RAIN. GOOD OCCASIONALLY MODERATE.

More information about the MailScanner mailing list