McAfee and password-protected zip file detection in MS
Michael Baird
mike at TC3NET.COM
Wed Mar 3 16:25:00 GMT 2004
So is McAfee uvscan with the latest .dat working or not? I am seeing
Bagle.j's caught, looking at my statistics.
Regards
MIKE
> > -----Original Message-----
> > From: MailScanner mailing list
> > [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> > Behalf Of Denis Beauchemin
> > Sent: Wednesday, March 03, 2004 9:46 AM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: McAfee and password-protected zip file detection in MS
> >
> >
> > Hi all,
> >
> > I tried to modify SweepViruses.pm so it could grab McAfee's "is
> > password-protected" string and just treat the
> > attachment as a virus but
> > it doesn't work...
> >
> > I modified ProcessMcAfeeOutput() this way:
> > #return 0 unless $line =~ /Found/;
> > return 0 unless (($line =~ /Found/) or ($line =~ /is
> > password-protected/));
>
> How about adding a log to stderr like:
> print STDERR "Line Was: $line\n";
> return 0 unless $line =~ /Found|password-protected/
>
> Then run MS in debug and watch and see what it is seeing, perhaps
> something is a bit different than you thought, like case?
>
> >
> > Any ideas why it is not kicking in? Could it be
> > because McAfee returns
> > a zero return code if it detects a password-protected
> > zip file (I know
> > this is what it does)?
> >
> > If so, could there be another way of achieving the
> > same result without
> > having to upgrade to the latest unstable version?
> >
> > Thanks!
> >
> > Denis
> > --
> > Denis Beauchemin, analyste
> > Université de Sherbrooke, S.T.I.
> > T: 819.821.8000x2252 F: 819.821.8045
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> >
>
More information about the MailScanner
mailing list