Re: [cobalt-users] Mailscanner not getting viruses all the time

[Kim Schulz <kim@xxxxxxxxx>]

On Wed, 11 Feb 2004 13:33:00 -0600
Larry Smith <lesmith@xxxxxxxxx> wrote:
> On Wednesday 11 February 2004 12:25, Kim Schulz wrote:
> > [snip]
> >
> > > Sounds like your virus definitions are not quite up to date.
> > > When Mydoom first appeared we were destroying a percentage due to
> > > normal rules that mailscanner applies,
> > > i.e. along the lines of things like double file extensions, .pif
> > > .scr attachments but the .zip ones were mainly getting past it,
> > > once the definitions were up to date it killed 100% of them.
> >
> > it updates every night
> 
> No pun intended, but is it updating or simply telling you it ran
> updates. do and ls -l against /usr/local/f-prot and see what the dates
> are on the .def files
> 
> Mine are:
> 
> -rw-r--r--    1 root     root       490988 Feb  9 09:40 MACRO.DEF
> -rw-r--r--    1 root     root      1099512 Feb 10 17:47 SIGN2.DEF
> -rw-r--r--    1 root     root      1110975 Feb 10 17:52 SIGN.DEF
> 


I have both clamAV and f-prot and both update every day. 


freshclam 
ClamAV update process started at Wed Feb 11 20:35:32 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder:
ddm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
daily.cvd updated (version: 126, sigs: 688, f-level: 1, builder: tomek)
Database updated (20675 signatures) from database.clamav.net
(209.94.36.5).


ls -l f-prot/*DEF
-rwxr-xr-x    1 root  root  490988 Feb  9 17:04 f-prot/MACRO.DEF
-rwxr-xr-x    1 root  root 1110975 Feb 11 19:11 f-prot/SIGN.DEF
-rwxr-xr-x    1 root  root 1100325 Feb 11 19:11 f-prot/SIGN2.DEF





-- 
           Fund of Fundanemt - Join the User Group 
   http://www.fundausers.org | join #fnug @ irc.freenode.net