[Mimedefang] Virus Scanners

Tony Nugent tony at linuxworks.com.au
Fri Dec 7 14:32:24 EST 2001


On Wed Dec 05 2001 at 08:34, amadill at hwy16.com wrote:

> > Can I ask you for a copy of that script?
> 
> There is both a shell script and a perl script in the unxadmin.pdf
> files distributed with the NAI Linux scanner distribution that work
> very well.  I'm using the perl script.  (BTW, it requires the Net::FTP
> perl module which is not a separate item on CPAN but is part of
> the latest libnet-1.09 package)

Strange, I could find the shell script, but not the perl version.
(Can you send that to me privately?)

Since I first posted that request, I went ahead and wrote a fancy
shell script that turns out to be functionally similar to how the
one in the .pdf docs works.

   But my version is a lot smarter.  It uses a standard ftp client,
   creating ~/.netrc files on the fly.  It first gets the remote ftp
   directory listing, looks for the version there, and fetches and
   installs it only if it is more current than the one(s) being used
   (optionally timestamping fetched files identical to the
   sources).  I also want it to collect the .ini, .zip and sdat
   files for an NT server and windows network.  It isn't wonderful
   in its present incantation, e.g., I want to get the output
   generated into an email sent by the script itself (instead of the
   controlling cron job), but it is working very well for me right
   now to keep it automatically updated.  I'll eventually post it
   here, meanwhile contact me to get a copy.

On Thu Dec 06 2001 at 08:13, "Karel.DeBruyne" wrote:

> On Thu, 6 Dec 2001, Tony Nugent wrote:

> > On Wed Dec 05 2001 at 10:11, "Karel.DeBruyne" wrote:
> > > I wrote a script to check for an update for the virus scanner each hour.
> > Can I ask you for a copy of that script?
> of course, I will share it, but I'm not proud of it.
...
> Sorry, I forgot the URL :
> http://www.uia.ac.be/u/dbruyne/datupdate

Thanks.  Wow, so easy to use Net::FTP, with the ability to look at
things and make decisions while the connection is still active.
Yes, I can see my dat update script quickly turning into perl :)

> > I'm passing them, via a ~/.procmailrc recipe, into a perl script
> > that is parsing them, extracting the details of the incident, and
> > putting it into a database.  Then I can run cron jobs to query the
> > database once or twice a day to inform me with a report in a single
> > email with summaries of what has happened.  (I also want to
> > generate notification emails to internal clients who are sending
> > viruses to let them know about it).
> 
> That would be a valuable resource if it was available.  Which
> database, MySQL?

In my case yes, but since it's using the perl DBI modules, it
shouldn't matter what database is on the backend (as long as perl
can talk to it).  A couple of small tweaks and it should work with
whatever server you are using... you'll just need to create the
database itself.  (Mind you, sql was never one of my stronger
points:-)

   This is a project I'm working on, part of a larger one
   summarising log files and administrative emails into databases
   for monitoring and statistical purposes...  it has turned out to
   be a bit more complex than I expected, but I really want/need to
   do this.  I'll be happy to offer whatever I create that's useful
   as a contribution to the defang distribution -- simply the oblig
   README, a few perl scripts and a mysql template (and others?) to
   create the actual database, small.

> > Releases to the scanning engine are few and far between.  The
> > windows-based engine is now at 4.1.60, while the unix-based uvscan
> > engine has been at v4.1.40 since last April.
> 
> There is a beta version of the 4.1.50 engine for unix available at
> http://www.mcafeeb2b.com/beta/products/4150-intro.asp .

No longer there... replaced with a notice saying that 4.1.60 will
soon be released.

Cheers
Tony
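
The "fetch and install only if it is more current" decision described in the message above, as an added example that is not Tony's script nor the one from the NAI documentation. The `dat-NNNN.tar` naming, the function names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from an FTP listing whether a newer DAT set exists.
# Assumption: archives are named dat-NNNN.tar, where NNNN is the DAT version.

# Constructed sample listing (not captured from any real server).
SAMPLE_LISTING='-rw-r--r-- 1 ftp ftp 1843200 Dec 05 10:02 dat-4174.tar
-rw-r--r-- 1 ftp ftp 1853440 Dec 07 09:15 dat-4175.tar
-rw-r--r-- 1 ftp ftp     512 Dec 07 09:15 readme.txt
-rw-r--r-- 1 ftp ftp    4096 Dec 07 09:16 dat-4176.tar.tmp
-rw-r--r-- 1 ftp ftp    2048 Dec 07 09:16 dat-99999.tar'

# Print the highest version offered in the listing read from stdin.
# The listing is remote input, so only exact dat-NNNN.tar names count;
# partial uploads and odd names are ignored rather than trusted.
latest_dat_version() {
    awk '{ print $NF }' |
        { grep -E '^dat-[0-9]{4}\.tar$' || true; } |
        sed -e 's/^dat-//' -e 's/\.tar$//' |
        sort -n | tail -n 1
}

# $1 = installed DAT version, listing on stdin.
# Prints "fetch dat-NNNN.tar", "current", or an error (return status 2).
plan_update() {
    installed=$1
    case $installed in
        '' | *[!0-9]*) echo "error: bad installed version"; return 2 ;;
    esac
    remote=$(latest_dat_version)
    if [ -z "$remote" ]; then
        echo "error: no DAT archive in listing"
        return 2
    fi
    if [ "$remote" -gt "$installed" ]; then
        echo "fetch dat-$remote.tar"
    else
        echo "current"   # equal or older on the server: never downgrade
    fi
}

printf '%s\n' "$SAMPLE_LISTING" | plan_update 4174
```

The error status lets a controlling cron job tell an empty or unexpected listing apart from "already current", so a broken mirror does not silently leave the scanner on stale definitions.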


