Re: [cobalt-users] F-prot config question

[David Lucas <david@xxxxxxxxxxxxxxxx>]

At 04:24 PM 8/7/2003, you wrote:

> Hi everyone,
>
> I´m using Bassi's MailScanner pkg(thanks Bassi) which uses f-prot in a
> RaQ4i.
> (FYI. I update virus def running '/home/local/f-prot/autoupdate' twice a
> week, instead of 'check-updates.sh'.)
>
> This week some customers have started receiving zipped attachments with
> viruses and worms in them and f-prot doesn´t scan zipped files.
>
> How can I have f-prot scan zipped attachments ?
> There's this funcion '/usr/local/bin/f-prot -archive' to scan zipped
> attachments on demand, but doesn't stay configured to keep doing it.
>
> Any ideas anyone ?


I think there are two problems here.
1st the software is old and needs to be updated.  I am looking for 
instructions on that.
2nd.  there is a way to delete the message.zip file that is the attachment 
for the w32.mimail.a virus

Here is how to do the second one
edit the file:  filename.rules.conf
it is probably located at /home/opt/MailScaner/filename.rules.conf
you will have a line like this:
allow   \.zip$                  -       -
just prior to it, add  the following line
deny    message.zip$            "Mimail" virus  "Mimail" virus

save the file and restart mailscanner
in my case, like this
/etc/rc.d/init.d/mailscanner restart

I email frisk to ask about the virus.  They told me the definitions from 
Aug 2-5, 2003 with the current software will stop it.  I have the current 
definitions, but the software is not current and I do not know how to 
upgrade it and with what version of the f-prot linux software.

Any help here, please Steve.



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.