From: "Jeroen Massar"
To: "'Mike Tancsa'"
Cc: "'Brett Glass'"
Subject: RE: probable virus
Date: Thu, 1 Nov 2001 01:43:07 +0100
Organization: Unfix
Message-ID: <004a01c1626e$2d86ad10$420d640a@HELL>
In-Reply-To: <5.1.0.14.0.20011030220911.052f6f30@192.168.0.12>

Mike Tancsa wrote:

> Sorry I was looking for FreeBSD experiences with the daily
> updates. I use it with Amavis for the purpose of scanning email.

Copy the following into for example /etc/periodic/daily/470.update-mcafee
to get a daily update ;)
And don't forget to change the 'cd /usr/local/uvscan' to the path you are
using...

8<----------------------
jeroen@purgatory:~$ cat /etc/periodic/daily/470.update-mcafee
#!/bin/sh

echo
echo "Updating McAfee Antivirus:"

umask 022
# Stop here if the directory is missing, so the mv/rm below never run elsewhere.
cd /usr/local/uvscan || exit 1

echo "- Fetching version of newest datfile from readme..."
ftp -V http://download.nai.com/products/datfiles/4.x/nai/readme.txt >/dev/null
# The version number is the 5th field on the first line of readme.txt.
AVVER=`head -n 1 readme.txt | awk '{print $5; }'`

if [ "A${AVVER}" != "A" ]; then
    echo "- ${AVVER} is the current version..."
    if [ ! -f "dat-${AVVER}.tar" ]; then
        # Keep the previous tar files around until the new one has unpacked.
        for i in *.tar ; do
            [ -f "$i" ] || continue    # glob matched nothing
            mv "$i" "$i.old"
        done
        echo "- Fetching new dat file version ${AVVER}..."
        if ftp "http://download.nai.com/products/datfiles/4.x/nai/dat-${AVVER}.tar" >/dev/null; then
            # Back up the current .dat files before overwriting them.
            mkdir bak 2>/dev/null
            for i in *.dat ; do
                [ -f "$i" ] || continue
                cp -p "$i" "bak/$i"
            done
            if tar xf "dat-${AVVER}.tar" ; then
                rm -f *.old
                echo "- Successfully updated AntiVirus DAT files to ${AVVER} from `cat .oldversion 2>/dev/null`."
                echo "${AVVER}" >.oldversion
            else
                echo "- The Tarfile is corrupted"
            fi
        fi
    else
        echo "- ${AVVER} is already the newest version."
    fi
else
    echo "- Empty version in readme, while trying to figure out the version of the new data file."
fi

exit 0
---------------------->8

Which produces in your 'daily run output':

8<------------------------------------
Updating McAfee Antivirus:
- Fetching version of newest datfile from readme...
- 4168 is the current version...
- Fetching new dat file version 4168...
- Successfully updated AntiVirus DAT files to 4168 from 4167.
------------------------------------>8

Oh, and you got lucky that it updated today... it didn't yesterday... :)

And of course don't forget to test with:

8<-----------
jeroen@purgatory:~$ uvscan virus-test.txt
/usr/home/jeroen/virus-test.txt
        Found: EICAR test file NOT a virus.
------------>8

See http://www.eicar.org/anti_virus_test_file.htm for fetching that
file... also shoot it through things like

Greets,
 Jeroen

PS: If the version number isn't detected correctly, which happens now
and then due to positional changes in the readme.txt, simply check the
readme and change the awk option :)

PS: Does anyone know how to limit ftp/fetch/whatevertool to get only the
first line from an ftp file? As this would save some 40kb of traffic
(yeahhoo :)
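
The first PS above notes that the version field moves around in readme.txt. The following is an added example, not part of the original post: a position-independent replacement for the head/awk line that only accepts a version it can validate. The function name, the MAX_JUMP limit, the five-line window and the sample header lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: a DAT version is a standalone four-digit token (4167, 4168 above).

MAX_JUMP=${MAX_JUMP:-50}   # assumed upper bound on releases between two runs

# pick_dat_version README [OLDVERSION]
# Prints the single plausible version found in the first 5 lines of README.
# Returns 1 (printing nothing) when there is no candidate or more than one,
# so the caller never builds a URL or file name from an unvalidated string.
pick_dat_version() {
    old=${2:-0}
    case $old in ''|*[!0-9]*) old=0 ;; esac   # ignore a corrupt .oldversion
    awk -v old="$old" -v maxjump="$MAX_JUMP" '
        NR > 5 { exit }
        {
            for (i = 1; i <= NF; i++) {
                # only whole fields made of exactly four digits qualify
                if ($i !~ /^[0-9][0-9][0-9][0-9]$/) continue
                # with a known old version, drop years and implausible jumps
                if (old > 0 && ($i + 0 < old || $i + 0 > old + maxjump)) continue
                if (!($i in seen)) { seen[$i] = 1; n++; pick = $i }
            }
        }
        END { if (n == 1) print pick; exit (n == 1 ? 0 : 1) }
    ' "$1"
}

# In the periodic script this would replace the head/awk line:
#   AVVER=$(pick_dat_version readme.txt "$(cat .oldversion 2>/dev/null)")

# Constructed sample header lines (not real readme.txt contents).
demo_dir=$(mktemp -d)
printf 'NAI DAT File Version 4168 readme\n'       > "$demo_dir/field5.txt"
printf 'Version 4168 DAT readme, released 2001\n' > "$demo_dir/moved.txt"
printf 'NAI DAT File Version 41-68 readme\n'      > "$demo_dir/garbled.txt"

for f in field5 moved garbled; do
    if v=$(pick_dat_version "$demo_dir/$f.txt" 4167); then
        echo "$f: would fetch dat-$v.tar"
    else
        echo "$f: no trustworthy version, skipping update"
    fi
done
rm -rf "$demo_dir"
```

When the function fails, the script should take the same path as the existing "Empty version in readme" branch rather than guessing.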