Date: Tue, 30 Oct 2001 14:47:55 -0500
From: Mike Tancsa
To: "Brandon Harper"
Subject: RE: NAI VirusScan [was: probable virus]
Message-Id: <5.1.0.14.0.20011030143741.01b7fa40@marble.sentex.ca>
References: <5.1.0.14.0.20011030124022.04487620@marble.sentex.ca>
Sender: owner-freebsd-security@FreeBSD.ORG

The .tar files on the ftp site are usually updated once per week. You can get more up-to-date files from their web site at

http://www.mcafeeb2b.com/naicommon/avert/avert-research-center/virus-4d.asp
http://download.nai.com/products/mcafee-avert/daily_dats/DAILYDAT.ZIP

As the file names are all UPPERCASE, I just did

    ln clean.dat CLEAN.DAT
    ln scan.dat SCAN.DAT
    ln names.dat NAMES.DAT

in the so that when I unzipped the file I would not have to worry about renaming things. They seem to work OK so far.

As well as the ones posted to the list, I did get a copy of http://vil.nai.com/vil/virusSummary.asp?virus_k=99237 sent to my network by other means so I wanted to have a method to stop this particular virus without having to wait another day for the next scheduled weekly release. The disclaimer however says that these _daily_ dat files are considered beta.

        ---Mike

At 12:39 PM 10/30/01 -0700, Brandon Harper wrote:
> > Just to follow up, the daily dat file seems to be working fine.
> > Anyone out
> > there using it on a regular basis, I would be interested in hearing your
> > experiences.
> >
> >          ---Mike
>
>Mike--
>
>I'm also using UVScan and know that my definition files are getting updated
>daily via cron, and it hasn't been catching these latest viruses either. I
>also had someone privately e-mail me who said it wasn't working for them
>either yesterday. I'm using version 4.x, and have the latest dat file:
>
>bash-2.04# ls -la dat*.*
>-rw-r--r-- 1 root wheel 2222080 Oct 23 21:15 dat-4167.tar
>
>bash-2.04# ls -la scan.dat
>-rwxr--r-- 1 root wheel 1543967 Oct 23 22:15 scan.dat
>
>It did however catch a W95.Hybris.gen message yesterday (the
>haha@sexyfun.net worm), so the problem seems to be related to the
>definitions for UVScan itself.
>
>- Brandon
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message