[Mimedefang] uvscan - detecting virus name
Lucas Albers
admin at cs.montana.edu
Wed Jun 11 03:07:02 EDT 2003
I was not even aware that their was an extra.dat file.
How do you got about installing it?
In other news, I've been surprised by the number of virus's my system
catches.
As for deleting attachments, I use to rename them but now I just delete
and quarantine them. Have not had a complaint for 6 or more months.
For the past year I deleted them via a procmail script.
For the past month I've been getting them via MD, and I have yet to have a
complaint. I just include a descriptive hyperlink that answers all the
users questions.
--luke
> Luke,
>
> Thanks. We do update frequently like you do, but just because you have
> the
> lastest dat (4270) doesn't mean you are protected from latest virii. For
> example, 4270 doesn't include W32/Bugbear.b.dam which we've been seeing
> for
> several days now. It'll be included in 4271 on Wednesday, but that wasn't
> soon enough for us. Also, the extra.dat for W32/Bugbear.b was out much
> earlier than the actual 4270. There are reasons for using extra.dat.
>
> I've also noticed there are other outputs from uvscan like:
>
> Found trojan or variant Exploit-CodeBase !!!
>
> which requires checking like such:
>
> if (($CurrentVirusScannerMessage =~ m/^\s+Found the (\S+) (\S+
> )?virus/) ||
> ($CurrentVirusScannerMessage =~ m/^\s+Found .+ variant
> (\S+) /));
>
> These aren't related to the use of extra.dat.
More information about the MIMEDefang
mailing list