[Mimedefang] Re: McAfee auto-update script problem

Tony Nugent tony at linuxworks.com.au
Tue Jun 17 05:25:01 EDT 2003


On Tue Jun 17 2003 at 10:00, Ole Holm Nielsen wrote:

> Obviously, a more robust uvscan update script is needed which could
> also get extra.dat files etc.  I'll look at Stephane's links,
> but perhaps someone could recommend the Ultimate McAfee Update Script ?

I guess like many others, I've hacked my own... it isn't so pretty,
and others would have surely done a better job, but it does the
job:)  In my case, I also needed to grab the updates for the windows
boxes and put them where they will be accessable with their daily
auto-updates going.

So in a pinch I'd use the Ultimate McAfee Update Script if it could
do that for me too :)  But such beasts seem to be around... earlier
in this thread someone mentioned something at freshmeat, and I'm
about to try three such tools that can be found there:

Mcafee Virus Update Notify
- Notifies you when new Mcafee virus updates are available.
  http://www.terrapoint.de/kzone/
  http://terrapoint.de/[..]d/mcvu_notify_1.1/mcvu_notify_1.1.tar.gz

Virus Update Server
- A virus update server for McAfee products.
  http://www.medici.org/projects/vs.html
  http://www.medici.org/projects/vsuserver-1.4.1.tar.bz2

virusNotification
- A script which detects and notifies others about McAfee DAT updates.
  http://www.wakatara.com/virdat/
  http://www.wakatara.com/virdat/virusNotification-1.14.4.tar.gz

(comments about any of these would be welcome)

> As for reporting the virus name in the Mimedefang output,
> does anyone have a context-diff that will make Mimedefang do the
> right thing ?

I've been using the following snippet of code in mimedefang-filter
to do this with uvscan for quite a while now, and it seems to work
very nicely:

sub get_virus_name_nai($) {
  my($virname) = @_;
  $virname =~ s/.*?(Found .*?) !!!.*$/$1/s;
  if ($virname =~ /Found the .*? virus/) {
    $virname =~ s/Found the (.*?) virus.*/$1/;
  } elsif ($virname =~ /Found virus or variant/) {
    $virname =~ s/Found virus or variant (.*?)/$1/;
  } elsif ($virname =~ /Found the .*? trojan/) {
    $virname =~ s/Found the (.*?) trojan/$1/;
  }
  return $virname;
}

$VIRUS_NAME = get_virus_name_nai($VirusScannerMessages);

Cheers
Tony



More information about the MIMEDefang mailing list