<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<title></title>
</head>
<body>
My Cron log shows the following entry every hour.<br>
This seems to be the only entry referring to cron.hourly.<br>
<br>
*******start of cron entry*********<br>
Feb 28 09:01:00 ctmail CROND[1498]: (root) CMD (run-parts /etc/cron.hourly)<br>
*******end of cron entry**********<br>
<br>
I looked in /etc/cron.hourly and there are 2 scripts:<br>
*check_mailscanner<br>
*update_virus_scanners<br>
<br>
I also get an email from the Cron Daemon every hour which is pasted below.<br>
I appologize for the large post guys.<br>
<br>
Again, the ide's are now up to date as I had run the autoupdate script manually
this morning.<br>
<br>
<br>
*********start of pasted email**********<br>
<div class="moz-text-plain" wrap="true" graphical-quote="true"
style="font-family: -moz-fixed; font-size: 13px;" lang="x-western">
<pre wrap="">/etc/cron.hourly/update_virus_scanners:
SWEEP virus detection utility
Version 3.66, February 2003 [Linux/Intel]
Includes detection for 79566 viruses, trojans and worms
Copyright (c) 1989,2003 Sophos Plc, <a class="moz-txt-link-abbreviated"
href="http://www.sophos.com">www.sophos.com</a>
System time 09:01:01, System date 28 February 2003
Command line qualifiers are: -IsItInstalled
IDE directory is: /usr/local/Sophos/ide
Using IDE file van-a.ide
Using IDE file aro-a.ide
Using IDE file lovgated.ide
Using IDE file oror-r.ide
Using IDE file ekiam-a.ide
Using IDE file lovgatea.ide
Using IDE file lovgateb.ide
Using IDE file gibe-d.ide
Using IDE file axam-a.ide
Using IDE file cian-c.ide
Using IDE file igloo15.ide
Using IDE file tkbot-a.ide
Using IDE file seeker-c.ide
Using IDE file dload-bo.ide
Using IDE file manife-a.ide
Using IDE file slanreta.ide
Using IDE file sadhound.ide
Using IDE file netspree.ide
Using IDE file opaservl.ide
Using IDE file ororfam.ide
Using IDE file sahay-a.ide
Using IDE file oror-l.ide
Using IDE file opaservj.ide
Using IDE file moon-b.ide
Using IDE file replog-f.ide
Using IDE file sobig-a.ide
Using IDE file avril-b.ide
Invalid option '-IsItInstalled'
The following options may be prefixed with 'n' to invert their meaning
(for example, '-nsc' is the inverse of '-sc'). [*] indicates the option
is the default:
-sc [*] : SWEEP inside dynamically compressed executables
-f [ ] : Full SWEEP
-di [ ] : Disinfect infected items
-s [*] : Run silently (do not list files swept)
-c [*] : Ask for confirmation before disinfection/deletion
-b [*] : Sound bell on virus detection
-all [ ] : SWEEP all files
-rec [*] : Do recursive SWEEP
-remove [ ] : Remove infected objects
-dn [ ] : Display names of files as they are scanned
-ss [ ] : Don't display anything except on error or virus
-eec [ ] : Use extended error codes
-ext=XXX,.. : Specify additional extensions to SWEEP
-p=<file> : Write to logfile <file>
-v : Display complete version information and exit
-h : Display this help and exit
The following options are related to archives and other special file types:
-zip [ ] : SWEEP inside ZIP archives
-gzip [ ] : SWEEP inside GZIP compressed files
-arj [ ] : SWEEP inside ARJ archives
-cmz [ ] : SWEEP inside Unix-compressed files
-tar [ ] : SWEEP inside TAR archives
-rar [ ] : SWEEP inside RAR archives
-cab [ ] : SWEEP inside Microsoft Cabinet files
-archive [ ] : All of the above
-loopback [ ] : SWEEP inside loopback-type files
-tnef [ ] : SWEEP inside TNEF files
The following options may be prefixed with 'no-' to invert their meaning
(for example, '--no-reset-atime' is the inverse of '--reset-atime'. [*]
indicates the option is the default:
--reset-atime [*] : Reset file access time after SWEEPing
The following options are Unix-specific, and may be prefixed with 'no-'
to invert their meaning (for example, '--no-follow-symlinks' is the
inverse of '--follow-symlinks'). [*] indicates the option is the default:
--follow-symlinks [*] : SWEEP the object pointed to by symbolic links
--stay-on-filesystem [ ] : Attempt not to leave the starting filesystem
(i.e. do not traverse mount points)
--stay-on-machine [*] : Attempt not to leave the starting machine
(i.e. do not traverse remote mount points)
--skip-special [*] : Do not scan 'special' objects (/dev, /proc,
/devices etc.)
--backtrack-protection [*] : Prevent repetition of work ('backtracking')
due to symbolic links
--preserve-backtrack [*] : Preserve the backtracking information for
the duration of this run
--examine-x-bit [ ] : Check files with an execute bit set
--show-file-details [ ] : Show file ownership and permissions when
displaying filenames
--quarantine [ ] : (Simple form of --quarantine option)
If file is infected with virus, attempt to
change file owner to user running SWEEP, and
permissions to -r-------- (0400)
--quarantine:<uid=nnn>,<user=username>,
<gid=nnn>,<group=groupname>,<mode=ppp>
[ ] : (Detailed form of --quarantine option)
If file is infected with virus, attempt to
change file ownership, group ownership, and
permissions to those specified as
uid/username, gid/groupname, and mode.
--args-file=<file> : Read command line arguments (both options and
directory/filenames) from file, taking
arguments from the command line again when
the end of the file is reached. A value of -
for <file> specifies taking input from stdin.
A small number of command line options may
not be used within an args file, namely:-
-eec, -neec, -p=, -s, -ns, -dn, -ndn.
These can only be specified from the command
line.
The following options are specific to Linux and FreeBSD only.
-mbr [ ] : SWEEP master boot records on all (physical) hard disks
-bs=X,... [ ] : SWEEP boot sector of each drive listed
-bs [ ] : SWEEP boot sectors on all (logical) drives
You need to have superuser rights in order to scan boot sectors.
********end of pasted email**********
</pre>
</div>
<br>
Steve Evans wrote:<br>
<blockquote type="cite"
cite="midD73EA71EBBEE3E4AB1BDC50F0B855124013052@email.foundation.sdsu.edu">
<pre wrap="">
What do your logs tell you? Does it show the Sophos update script being
run at all?
Steve Evans
SDSU Foundation
(619) 594-0653
-----Original Message-----
From: Ryan Pitt [<a class="moz-txt-link-freetext" href="mailto:ryan@MARINOCRANE.COM">mailto:ryan@MARINOCRANE.COM</a>]
Sent: Friday, February 28, 2003 5:43 AM
To: <a class="moz-txt-link-abbreviated" href="mailto:MAILSCANNER@JISCMAIL.AC.UK">MAILSCANNER@JISCMAIL.AC.UK</a>
The autoupdate feature for Sophos does not seem to be working for me.
It appears to me that the sophos-autoupdate script is not being run at
any specific interval.
I updated MailScanner and Sophos 3 days ago. The ide's had not been
updated for those 3 days until I ran the autoupdate script manually this
morning.
Please could someone tell me where this script is supposed to be called
from and what to look for?
My setup is:
RH 7.2
Sendmail
MailScanner 4.12-2
Sophos 3.66
Thank you
Ryan Pitt
</pre>
</blockquote>
<br>
</body>
<font color="#808080" size="2">---
<br>This message has been scanned for viruses and dangerous content by
MailScanner,
<br>and is believed to be clean.</font>
</html>