McAfee VirusScan 6.00.0 for Unix is now out

Randal, Phil prandal at herefordshire.gov.uk
Thu Nov 5 22:48:39 GMT 2009 

OK, here's the difference in output between new and old uvscan.
 
New uvscan V6.00:
------------------------------------------------------------------------
------------------------
# uvscan eicar.com
McAfee VirusScan Command Line for Linux32 Version: 6.0.0.309
Copyright (C) 2009 McAfee, Inc.
(408) 988-3832 LICENSED COPY - November 05 2009
 
AV Engine version: 5400.1158 for Linux32.
Dat set version: 5793 created Nov 5 2009
Scanning for 582800 viruses, trojans and variants.
 
/usr/src/eicar.com ... Found: EICAR test file NOT a virus.
 

Time: 00:00.00
------------------------------------------------------------------------
------------------------
 
Old:
------------------------------------------------------------------------
------------------------
# uvscan eicar.com
/usr/src/eicar.com
        Found: EICAR test file NOT a virus.
------------------------------------------------------------------------
------------------------
 
So SweepViruses.pm will need amending to parse the output...
 
mcafee-autoupdate for the new DAT files needs a few changes.  Here's a
.diff (tested, working)
 
------------------------------------------------------------------------
------------------------
--- mcafee-autoupdate.old       2009-11-05 20:56:43.000000000 +0000
+++ mcafee-autoupdate   2009-11-05 21:44:26.000000000 +0000
@@ -21,7 +21,7 @@
 # defaults
 OPTS="-d"
 PREFIX=/usr/local/uvscan
-FTPDIR=http://download.nai.com/products/datfiles/4.x/nai
+FTPDIR=http://download.nai.com/products/commonupdater
 RETRIES=1
 INTERVAL=300
 
@@ -100,7 +100,7 @@
 
 # where this script finds things
 DATDIR=$PREFIX/datfiles
-DATFILES="clean.dat extra.dat internet.dat names.dat scan.dat"
+DATFILES="avvclean.dat extra.dat avvnames.dat avvscan.dat runtime.dat"
 LINKNAME=current
 LINKREL=datfiles/$LINKNAME
 
@@ -248,14 +248,14 @@
 while :
 do
         # fetch and extract dat files
-        TARFILE=dat-$VERSION.tar
+        TARFILE=avvdat-$VERSION.zip
         run mkdir $VERSION
         run cd $VERSION
         run chmod 700 .
         if ! run wget --tries=$try --waitretry=$INTERVAL --passive-ftp
--progre                       ss=dot:mega $FTPDIR/$TARFILE
         then retry
         fi
-        run tar xvf $TARFILE
+        run unzip $TARFILE
         run chmod 644 *
         run chmod 755 .
------------------------------------------------------------------------
-------------------------------
 
At this point I'm going to hand over to someone who knows perl and bash
scripting better than I do.
 
Cheers,
 
Phil


________________________________

From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Randal,
Phil
Sent: 05 November 2009 13:45
To: MailScanner discussion
Subject: McAfee VirusScan 6.00.0 for Unix is now out



Hi folks, 

McAfee have released version 6.00.0 of their Unix commandline virus
scanners (available from the corporate downl;oad portal with your McAfee
grant number).

This supports the avvdat pattern formats used by VirusScan 8.5 and 8.7
on windows, and will need an update to the McAfee autoupdate script in
MailScanner.

Users will need to upgrade by the end of March 2010 when the old DAT
formats used by earlier versions of uvscan will no longer be provided by
McAfee.

If I get a chance next week, I'll have a look at the mcafee-autoupdate
script to see what changes are needed. 

Cheers, 

Phil 

-- 
Phil Randal | Networks Engineer 
NHS Herefordshire & Herefordshire Council  | Deputy Chief Executive's
Office | I.C.T. Services Division 
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT 
Tel: 01432 260160 
email: prandal at herefordshire.gov.uk 

Any opinion expressed in this e-mail or any attached files are those of
the individual and not necessarily those of Herefordshire Council.

This e-mail and any attached files are confidential and intended solely
for the use of the addressee. This communication may contain material
protected by law from being passed on. If you are not the intended
recipient and have received this e-mail in error, you are advised that
any use, dissemination, forwarding, printing or copying of this e-mail
is strictly prohibited. If you have received this e-mail in error please
contact the sender immediately and destroy all copies of it.

 
Any opinion expressed in this e-mail or any attached files are those of
the individual and not necessarily those of Herefordshire Council.
You should be aware that Herefordshire Council monitors its email
service.
This e-mail and any attached files are confidential and intended solely
for the use of the addressee. This communication may contain material
protected by law from being passed on. If you are not the intended
recipient and have received this e-mail in error, you are advised that
any use, dissemination, forwarding, printing or copying of this e-mail
is strictly prohibited. If you have received this e-mail in error please
contact the sender immediately and destroy all copies of it. 
Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council.
You should be aware that Herefordshire Council monitors its email service.
This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20091105/5128c2b5/attachment-0001.html

More information about the MailScanner mailing list