Date: Tue, 30 Oct 2001 14:47:55 -0500 From: Mike Tancsa <mike@sentex.net> To: "Brandon Harper" <lists-inet@booms.net>, <freebsd-security@FreeBSD.ORG> Subject: RE: NAI VirusScan [was: probable virus] Message-ID: <5.1.0.14.0.20011030143741.01b7fa40@marble.sentex.ca> In-Reply-To: <NHELLMIEFPEHAFGOIAGFKEMIDHAA.lists-inet@booms.net> References: <5.1.0.14.0.20011030124022.04487620@marble.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
The .tar files on the ftp site are updated usually once per week. You can get more up to date files from their web site at http://www.mcafeeb2b.com/naicommon/avert/avert-research-center/virus-4d.asp http://download.nai.com/products/mcafee-avert/daily_dats/DAILYDAT.ZIP As the files names are all UPPERCASE, I just did ln clean.dat CLEAN.DAT ln scan.dat SCAN.DAT ln names.dat NAMES.DATin the so that when I unzipped the file I would not have to worry about renaming things. They seem to work OK so far. As well as the ones posted to the list, I did get a copy of http://vil.nai.com/vil/virusSummary.asp?virus_k=99237 sent to my network by other means so I wanted to have a method to stop this particular virus without having to wait another day for the next scheduled weekly release. The disclaimer however says that these _daily_ dat files are considered beta. ---Mike At 12:39 PM 10/30/01 -0700, Brandon Harper wrote: > > > > > > Just to followup, the daily dat file seems to be working fine. > > Anyone out > > there using it on a regular basis, I would be interested in hearing your > > experiences. > > > > ---Mike > > > > >Mike-- > >I'm also using UVScan and know that my definition files are getting updated >daily via cron, and it hasn't been catching these latest virii either. I >also had someone privately e-mail me who said it wasn't working for them >either yesterday. I'm using version 4.x, and have the latest dat file: > >bash-2.04# ls -la dat*.* >-rw-r--r-- 1 root wheel 2222080 Oct 23 21:15 dat-4167.tar > >bash-2.04# ls -la scan.dat >-rwxr--r-- 1 root wheel 1543967 Oct 23 22:15 scan.dat > >It did however catch a W95.Hybris.gen message yesterday (the >haha@sexyfun.net worm), so the problem seems to be related to the >definitions for UVScan itself. > >- Brandon > ><!-- http://www.booms.net --> > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.0.20011030143741.01b7fa40>