RE: Pmdf with vsweep - VMS
Bill,
I just want to make sure I understand.
What you're suggesting is that if an email message is not formatted properly
then it wouldn't match the conversion entry I had, and therefore it wouldn't
be scanned?
Questions:
Would the vsweep_pmdf.com file (basically the longer one posted on
process.com) handle a message that is not formatted properly, or would I
need to make changes to it?
Would it be better to add those 4 lines after my existing stuff or simply
remove the NAME and FILENAME lines from what I had?
Would having the 2 mean that something is scanned twice?
Thanks for your help,
Coordinator IT Systems & Networks
Renfrew County District School Board
From: Bill MacAllister [mailto:email@example.com]
Sent: February 6, 2004 11:20 AM
Subject: RE: Pmdf with vsweep
I seem to remember from some of my testing that with a conversion
specification like you have below that if you don't have FILENAME and NAME
mime parameters the conversion does not happen. Try adding:
in-channel=*; in-type=*; in-subtype=*;
after the conversion specification that you already have in the conversions
--On Friday, February 06, 2004 09:09:31 AM -0500 David Priebe
> Hi there,
> Thanks for your suggestions.
> I think I have the conversions. file set properly:
> $ type conversions.
> in-channel=*; in-type=*; in-subtype=*;
> parameter-symbol-0=NAME; parameter-copy-0=*;
> dparameter-symbol-0=FILENAME; dparameter-copy-0=*;
> message-header-file=2; original-header-file=1;
> David Priebe
> Coordinator IT Systems & Networks
> Renfrew County District School Board
> -----Original Message-----
> From: Bill MacAllister [mailto:firstname.lastname@example.org]
> Sent: February 6, 2004 12:35 AM
> To: email@example.com
> Subject: Re: Pmdf with vsweep
> --On Thursday, February 05, 2004 11:43:48 PM -0500 David Priebe
>> $ pmdf ver
>> %PMDF-I-VERSION, PMDF version is PMDF V6.2
>> COMPAQ AlphaServer DS10 617 MHz running OpenVMS Alpha V7.2-1
>> PMDF_SHARE_LIBRARY version V6.2-X21; linked 10:35:46, Dec 17
>> Hi all,
>> This question is slightly off-topic, but I believe many pmdf users are
>> also using vsweep if running on OpenVMS.
>> - Background.
>> I have the conversions file in pmdf running the .com file which is only
>> slightly modified from the one posted on Process's web site. If a virus
>> is found by vsweep, I substitute the attachment and let the message
>> continue on its way.
>> The clients have McAfee's Virusscan installed, and email scanning is
>> Vsweep updates are triggered by a special account I have set up
>> (mail.delivery) and subscribed to Sophos's mailing list for new ide's.
>> Virusscan is automatically updated daily against our server.
>> Each of these pieces email our techs to let them know a virus was
>> So, most email viruses should be caught by vsweep, and if it's not up
>> to date for some reason, then they should be caught by Virusscan.
>> - Enter Mydoom.
>> I checked the logs and Jan 26 at 8:00pm is when vsweep was automatically
>> updated with the ide for mydoom.
>> So, I'm not sure when the virus first got to our site, but if it was
>> before vsweep was updated, then I would expect to have it in users
>> inboxes. To check, I did a manual scan of my entire msgstore tree and
>> found only 1 copy of the virus. The problem is I am continually being
>> notified by virusscan that it is finding more copies of the mydoom
>> virus. We're using imap (msgstore), so with all their folders manually
>> scanned, I don't know why virusscan on the PC is still finding the
>> virus. I checked, and these users do not have multiple accounts set up
>> in Outlook. The only thing I can think of is that vsweep is not finding
>> the virus for some reason.
>> One thing I noticed is that the vsweep example on Process's web site
>> does not include the /arch, but I do. I thought that was required in
>> order to have vsweep look in .zip files.
>> Has anyone else come across this, or might have some suggestions on what
>> to check next?
>> My sweep command is:
>> $ SOPHOS_SWEEP: SUBROUTINE
>> $ CONVERTER_COMMAND=="$vsweep_exe:vsweep_axp.exe"
>> $ CONVERTER_COMMAND 'INPUT_FILE'/ff/ns/il/arch/nooutput
>> The virus I have seen get through is inside .zip files
> Are you sure the .zip files are being scanned? What does your
> conversions file look like?
>> Ideas anyone?
>> David Priebe
>> Coordinator IT Systems & Networks
>> Renfrew County District School Board
>| Bill MacAllister
>| 14219 Auburn Road
>| Grass Valley, CA 95949
| Bill MacAllister
| 14219 Auburn Road
| Grass Valley, CA 95949
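
Added example, not part of the thread and not Process or Sophos code: a Python check, run over a constructed message, that lists the MIME parts carrying neither a NAME nor a FILENAME parameter. By Bill's recollection above, these are the parts a conversion entry depending on those parameters would not match. The function names and the sample message are assumptions made for illustration.

```python
from email import message_from_string

# Constructed sample: part 2 carries NAME and FILENAME, part 3 carries neither.
# Both payloads are the same empty zip archive (end-of-central-directory only).
SAMPLE = """\
From: a@example.org
To: b@example.org
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

body text
--XX
Content-Type: application/zip; name="report.zip"
Content-Disposition: attachment; filename="report.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--XX
Content-Type: application/octet-stream
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--XX--
"""

def audit_parts(raw):
    """Return (content_type, name, filename, looks_like_zip) for each leaf part."""
    rows = []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        name = part.get_param("name")  # Content-Type: ...; name=
        filename = part.get_param("filename", header="content-disposition")
        payload = part.get_payload(decode=True) or b""
        # Zip data starts with "PK" whatever the part is labelled as.
        rows.append((part.get_content_type(), name, filename, payload[:2] == b"PK"))
    return rows

def unnamed_parts(raw):
    """Parts with no NAME and no FILENAME: nothing for a name-based rule to match."""
    return [r for r in audit_parts(raw) if r[1] is None and r[2] is None]

if __name__ == "__main__":
    for row in unnamed_parts(SAMPLE):
        print(row)
```

Running a check like this over a message that reached a mailbox shows whether the part the desktop scanner flagged had parameters for the existing entry to match on.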