I've had great success using McAfee Antivirus command line scanner (uvscan) with Amavis. You do have to keep your virus definitions data files updated on a regular basis no matter what brand of antivirus scanner you use. I make certain to update mine every week when the new data files are released and more often when emergency unscheduled versions are released. This has saved me big time on one occasion a few months ago when I started getting incoming infected emails with a very new virus only about an hour after I had just updated to the latest data files that could detect this particular new virus. Having an outdated virus scanner is only a very small amount better than not having one at all IMHO.

-----Original Message-----
From: Marcel Erkens [mailto:merkens@safenebraska.org]
Sent: Thursday, December 19, 2002 6:08 AM
To: suse-security@suse.com
Subject: Re: AW: [suse-security] Amavis virus detection

VDF Version says it all. Bugbear wasn't around until after June 13 if memory serves

time to "antivir --update" ;)

On Thursday 19 December 2002 17:47, Andy Bennett wrote:
Hi,
I obtained an evaluation license for antivir for personal use about a year ago and I also have the evaluation version from SuSE V8.1. The outputs from them with bugbear and eicar.com in the same directory are as follows.
____
AntiVir / Linux Version 2.0.3 Copyright (C) 1994-2002 by H+BEDV Datentechnik GmbH. All rights reserved.
Loading /usr/bin/../lib/AntiVir/antivir.vdf ...
VDF version: 6.14.0.3 created 13 Jun 2002
AntiVir license: 149999 for Evaluation licsense for SuSE Linux / UnitedLinux
checking drive/path (cwd): /home/andy
/home/andy/eicar.com
  Date: 19.12.2002 Time: 17:32:28 Size: 69
  VIRUS: file contains code of the virus 'Eicar-Test-Signatur'

----- scan results -----
directories: 1
files: 2
infected: 1
repaired: 0
deleted: 0
renamed: 0
scan time: 00:00:01
------------------------

Thank you for using AntiVir.
___
and
___
AntiVir/Linux Version 6.10.0.0, (Sep 14 2001, 11:31:39) Copyright(c) 1994-2001 by H+BEDV Datentechnik GmbH
Loading /usr/lib/AntiVir/antivir.vdf ...
AntiVir is running in non-key-mode.
VDF version: 6.10.0.10 - FUP(0), created 09/27/2001
checking drive/path (cwd): /home/andy
/home/andy/eicar.com
  Date: 1.11.2002 Time: 11:57:17 Size: 69
  VIRUS: file contains code of the virus 'Eicar-Test-Signatur'

----- scan results -----
directories: 1
files: 2
infected: 1
repaired: 0
deleted: 0
renamed: 0
scan time: 00:00:01
--------------------------

Thank you for using AntiVir
____
This may be a strange request but is there some brave soul out there I could send the suspect file just to check it is a virus? My version of AVG anti-virus scanner under windows identifies it as such and the method of its arrival on my network, (i.e. unrequested file attachment from someone I'd never heard of), says it is - but I'd like to be sure.
I'd also like to see if someone else's antivir or whatever finds it.
TIA
Andy
On Thursday 19 December 2002 16:10, Ulrich Roth wrote:
Hello,
I've just installed SuSE 8.1 with Postfix and Amavis and have tried sending the eicar.com virus pattern in an attachment. This worked great - the virus was detected and blocked. However, I also tried sending a copy of Bugbear to one of my own users externally via a web-based email service, (onetel - similar to hotmail, et al), and this was sent through to the user without being blocked :(
The message headers contain the entry
X-Virus-Scanned: by AMaViS 0.3.12pre8
Any ideas, anyone?
Which virus scanner do you use on your SuSE box, and is it up to date?

Bye
Uli
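Added example (not part of the thread or of AntiVir or Amavis): a check that reads the "VDF version ... created" banner in the two formats quoted above and flags definitions older than a threshold. The function names and the 7-day default are assumptions, the latter taken from the weekly update cadence mentioned in the top reply; the sample banners are copied from the scan output in the thread.

```python
import re
from datetime import date, datetime

# Banner lines as quoted in the thread (two AntiVir releases, two date styles).
SAMPLE_NEW = "Loading /usr/bin/../lib/AntiVir/antivir.vdf ...\nVDF version: 6.14.0.3 created 13 Jun 2002\n"
SAMPLE_OLD = "AntiVir is running in non-key-mode.\nVDF version: 6.10.0.10 - FUP(0), created 09/27/2001\n"

VDF_LINE = re.compile(r"VDF version:\s*(?P<ver>[\d.]+).*?created\s+(?P<created>.+?)\s*$")
DATE_FORMATS = ("%d %b %Y", "%m/%d/%Y")  # "13 Jun 2002" and "09/27/2001"


def parse_vdf_banner(output):
    """Return (version, creation date) from scanner output, or None if no banner."""
    for line in output.splitlines():
        m = VDF_LINE.search(line)
        if not m:
            continue
        for fmt in DATE_FORMATS:
            try:
                return m.group("ver"), datetime.strptime(m.group("created"), fmt).date()
            except ValueError:
                continue
        # A banner we cannot date must not be silently treated as fresh.
        raise ValueError(f"unrecognised VDF date: {m.group('created')!r}")
    return None


def definitions_status(output, today, max_age_days=7):
    """Return ('ok' | 'stale' | 'unknown', age in days or None)."""
    parsed = parse_vdf_banner(output)
    if parsed is None:
        return "unknown", None
    _version, created = parsed
    age = (today - created).days
    return ("stale" if age > max_age_days else "ok"), age


if __name__ == "__main__":
    # Scan dates taken from the two outputs in the thread.
    for banner, scanned in ((SAMPLE_NEW, date(2002, 12, 19)), (SAMPLE_OLD, date(2002, 11, 1))):
        print(parse_vdf_banner(banner), definitions_status(banner, scanned))
```

Run from cron against the scanner's banner output, a "stale" or "unknown" result is the condition to alert on before mail such as the Bugbear sample passes unscanned.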