Date: Thu, 1 Nov 2001 01:43:07 +0100
From: "Jeroen Massar" <jeroen@unfix.org>
To: "'Mike Tancsa'" <mike@sentex.net>
Cc: <freebsd-security@freebsd.org>, "'Brett Glass'" <brett@lariat.org>
Subject: RE: probable virus
Message-ID: <004a01c1626e$2d86ad10$420d640a@HELL>
In-Reply-To: <5.1.0.14.0.20011030220911.052f6f30@192.168.0.12>

Mike Tancsa wrote:

> Sorry I was looking for FreeBSD experiences with the daily
> updates.

I use it with Amavis for the purpose of scanning email.
Copy the following into, for example, /etc/periodic/daily/470.update-mcafee
to get a daily update ;)
And don't forget to change the 'cd /usr/local/uvscan' to the path you
are using...

8<----------------------
jeroen@purgatory:~$ cat /etc/periodic/daily/470.update-mcafee
#!/bin/sh
# Daily periodic(8) job: fetch the newest McAfee DAT files for uvscan.

echo
echo "Updating McAfee Antivirus:"

umask 022
# Stop if the directory is missing; the mv/rm below must not run elsewhere.
cd /usr/local/uvscan || exit 1

echo "- Fetching version of newest datfile from readme..."
ftp -V http://download.nai.com/products/datfiles/4.x/nai/readme.txt >/dev/null
# The version number is the fifth word on the first line of the readme.
AVVER=`head -1 readme.txt | awk '{print $5; }'`

if [ "A${AVVER}" != "A" ]; then
	echo "- ${AVVER} is the current version..."
	if [ ! -f "dat-${AVVER}.tar" ]; then
		# Set aside older tarballs until the new one has unpacked cleanly.
		for i in *.tar ; do
			[ -f "$i" ] || continue		# glob matched nothing
			mv "$i" "$i.old"
		done
		echo "- Fetching new dat file version ${AVVER}..."
		if ftp "http://download.nai.com/products/datfiles/4.x/nai/dat-${AVVER}.tar" >/dev/null; then
			# Keep a copy of the current DAT files before overwriting them.
			mkdir bak 2>/dev/null
			for i in *.dat ; do
				[ -f "$i" ] || continue
				cp -p "$i" "bak/$i"
			done
			if tar xf "dat-${AVVER}.tar" ; then
				rm -f *.old
				echo "- Successfully updated AntiVirus DAT files to ${AVVER} from `cat .oldversion 2>/dev/null`."
				echo "${AVVER}" >.oldversion
			else
				echo "- The Tarfile is corrupted"
			fi
		fi
	else
		echo "- ${AVVER} is already the newest version."
	fi
else
	echo "- Empty version in readme, while trying to figure out the version of the new data file."
fi

exit 0
---------------------->8

Which produces in your 'daily run output':

8<------------------------------------
Updating McAfee Antivirus:
- Fetching version of newest datfile from readme...
- 4168 is the current version...
- Fetching new dat file version 4168...
- Successfully updated AntiVirus DAT files to 4168 from 4167.
------------------------------------>8

Oh, and you got lucky that it updated today.. it didn't yesterday... :)

And of course don't forget to test with:

8<-----------
jeroen@purgatory:~$ uvscan virus-test.txt
/usr/home/jeroen/virus-test.txt
        Found: EICAR test file NOT a virus.
------------>8

See http://www.eicar.org/anti_virus_test_file.htm for fetching that
file... also shoot it through things like

Greets,
 Jeroen

PS: If the version number isn't detected correctly, which happens now
and then due to positional changes in the readme.txt, simply check the
readme and change the awk option :)

PS: Does anyone know how to limit ftp/fetch/whatevertool to get only the
first line from an ftp file? This would save some 40kb of traffic
(yeahhoo :)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
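
An added example, not part of the original post: fail-closed checks that could sit around the script's version parsing and its `tar xf` step, because both the readme and the tarball arrive over plain HTTP and the parsed version ends up in a URL and a file name. The function names are hypothetical, the sample inputs are constructed, and the readme layout is assumed to match the post's awk field.

```shell
#!/bin/sh
# Added example (hypothetical helper names, constructed sample data).

# Print field 5 of line 1 (the field the post's awk reads), but only if it is
# 1-6 digits. A shifted field or odd text is rejected instead of being used.
dat_version() {
    v=$(head -n 1 "$1" | awk '{ print $5 }')
    case "$v" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#v}" -le 6 ] || return 1
    printf '%s\n' "$v"
}

# $1 = candidate version, $2 = contents of .oldversion (may be empty).
# Refuses to move backwards to an older DAT set.
version_is_newer() {
    if [ -z "$2" ]; then return 0; fi
    case "$2" in *[!0-9]*) return 1 ;; esac
    [ "$1" -gt "$2" ]
}

# Read member names on stdin (from `tar tf`); succeed only if there is at
# least one name and none is empty, absolute or contains a ".." component.
members_safe() {
    n=0
    while IFS= read -r m; do
        case "$m" in
            ''|/*|..|../*|*/..|*/../*) return 1 ;;
        esac
        n=$((n + 1))
    done
    [ "$n" -gt 0 ]
}

# List first, extract only if every name passes (symlink members not checked).
safe_extract() {
    tar tf "$1" | members_safe && tar xf "$1"
}

# Constructed sample: the version is the fifth word of the first line.
sample=$(mktemp) || exit 1
printf 'DAT file release number 4168 readme\n' > "$sample"
if v=$(dat_version "$sample") && version_is_newer "$v" 4167; then
    echo "would fetch dat-$v.tar"
fi
printf 'scan.dat\n../clean.dat\n' | members_safe || echo "archive rejected"
rm -f "$sample"
```

In the script above, `dat_version readme.txt` would replace the bare awk assignment and `safe_extract` the direct `tar xf` call.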