mcafee uvscan not using /usr/local/uvscan/datfiles/current

Eric Dantan Rzewnicki rzewnickie at RFA.ORG
Tue Jan 27 21:16:55 GMT 2004

Appolgies if this has been covered recently. I was unable to find it
mentioned in the archives. I feel like it's been discussed and fixed
already, but I can't find any references to it ...

We have MailScanner-4.25-14 using both sophos (via sophossavi) and
mcafee's uvscan. With the recent storm of MyDoom viruses I noticed that
only sophos was catching them. I have
/opt/MailScanner/lib/mcafee-autoupdate running every 30 minutes vi cron.
The dats are updated in /usr/local/uvscan/datfiles/<dat-version-dir>/
and the link /usr/local/uvscan/datfiles/current is created

However it appears that uvscan is being called with old dats that exist
in /usr/local/uvscan/*.dat. We used to use uvscan with amavisd and the
auto dat update script we used just deleted the old dats and put the new
ones in /usr/local/uvscan/. As soon as I ran that old update script I
started seeing mcafee catching MyDoom in the logs. The dats now in
/usr/local/uvscan/*.dat are identical to those in
/usr/local/uvscan/datfiles/current/ as downloaded by MS's

MS's mcafee-wrapper script looks like this:

    prog=uvscan # `basename $0`

    export LD_LIBRARY_PATH

    if [ "x$1" = "x-IsItInstalled" ]; then
      [ -x ${PackageDir}/$prog ] && exit 0
      exit 1

    exec ${PackageDir}/$prog -d $datDIR "$@"

I couldn't find where in MailScanner mcafee-wrapper is called, but I
assume $1 is taken from /opt/MailScanner/etc/virus.scanners.conf. To me
this looks like uvscan is being called with "-d /usr/local/uvscan" when
it should be "-d /usr/local/uvscan/datfiles/current/".

Here are the relevent variables set in mcafee-autoupdate:


according to this datDIR in mcafee-wrapper should be

As I type this I feel like I've read about this problem being discussed
and fixed on the list in the past ... but, as I said, I can't seem to
find it in the archives.

-Eric Rz.

More information about the MailScanner mailing list