This is a discussion on Re: Pmdf with vsweep - VMS
--On Thursday, February 05, 2004 11:43:48 PM -0500 David Priebe wrote:
> $ pmdf ver
> %PMDF-I-VERSION, PMDF version is PMDF V6.2
> COMPAQ AlphaServer DS10 617 MHz running OpenVMS Alpha V7.2-1
> PMDF_SHARE_LIBRARY version V6.2-X21; linked 10:35:46, Dec 17
> Hi all,
> This question is slightly off-topic, but I believe many pmdf users are
> also using vsweep if running on OpenVMS.
> - Background.
> I have the conversions file in pmdf running the .com file which is only
> slightly modified from the one posted on Process's web site. If a virus
> is found by vsweep, I substitute the attachment and let the message
> continue on its way.
> The clients have McAfee's Virusscan installed, and email scanning is
> Vsweep updates are triggered by a special account I have set up
> (mail.delivery) and subscribed to Sophos's mailing list for new IDEs.
> Virusscan is automatically updated daily against our server.
> Each of these pieces emails our techs to let them know a virus was
> So, most email viruses should be caught by vsweep, and if it's not up
> to date for some reason, then they should be caught by Virusscan.
> - Enter Mydoom.
> I checked the logs and Jan 26 at 8:00pm is when vsweep was automatically
> updated with the ide for mydoom.
> So, I'm not sure when the virus first got to our site, but if it was
> before vsweep was updated, then I would expect to have it in users'
> inboxes. To check, I did a manual scan of my entire msgstore tree and
> found only 1 copy of the virus. The problem is I am continually being
> notified by virusscan that it is finding more copies of the mydoom
> virus. We're using imap (msgstore), so with all their folders manually
> scanned, I don't know why virusscan on the PC is still finding the
> virus. I checked, and these users do not have multiple accounts set up
> in Outlook. The only thing I can think of is that vsweep is not finding
> the virus for some reason.
> One thing I noticed is that the vsweep example on Process's web site
> does not include the /arch, but I do. I thought that was required in
> order to have vsweep look in .zip files.
> Has anyone else come across this, or might have some suggestions on what
> to check next?
> My sweep command is:
> $ SOPHOS_SWEEP: SUBROUTINE
> $ CONVERTER_COMMAND=="$vsweep_exe:vsweep_axp.exe"
> $ CONVERTER_COMMAND 'INPUT_FILE'/ff/ns/il/arch/nooutput
> The virus I have seen get through is inside .zip files
Are you sure the .zip files are being scanned? What does your conversions
file look like?
> Ideas anyone?
> David Priebe
> Coordinator IT Systems & Networks
> Renfrew County District School Board
| Bill MacAllister
| 14219 Auburn Road
| Grass Valley, CA 95949