[Mimedefang] Virus Scanners

[Tony Nugent]

[ taken privately ]

On Wed Dec 05 2001 at 10:11, "Karel.DeBruyne" wrote:

> I wrote a script to check for an update for the virusscanner each hour.

Can I ask you for a copy of that script?

Thanks heaps.

  (I've been experimenting writing my own.  Seen some others at
  freshmeat.net (for linux, put they are perl so they'll work on any
  *nix box).  However, they required a rework to make them work, I
  started writing my own, crude but effective enough with testing).

> Until now, I haven't found any virusses passing through the virusscanner.

I'm using uvscan for linux on several servers, with corporate
licences giving me access to it.  One is the main mail hub for an
ISP, and it is catching between 50 and 400 every day.

But they all missed a few goner viruses before I caught up with the
news and did the updates manually about 12 hrs later.

My biggest problem now is not the defang filtering, but how to
manage all the administrative emails that get generated... I'm
passing them, via a ~/.procmailrc recipe, into a perl script that is
parsing them, extracting the details of the incident, and putting it
into a database.  Then I can run cron jobs to query the database
once or twice a day to inform me with a report in a single email
with summaries of what has happened.  (I also want to generate
notification emails to internal clients who are sending viruses to
let them know about it).

> it seems to be updated every week, sometimes more often.

That's exactly what their policy is, a new one at the start of each
week, then updates in between if there are any new high-risk
threats.

Releases to the scanning engine are few and far between.  The
windows-based engine is now at 4.1.60, while the unix-based uvscan
engine has been at v4.1.40 since last april.

Anyway, thanks again.

Cheers
Tony
---*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=---
  Tony Nugent <Tony at linuxworks.com.au>
  LinuxWorks - Gold Coast Qld Australia