Dan,

I've uploaded at http://www.logsat.com/SpamFilter/pub/nselist.zip a small DOS utility. Just extract and run from a DOS prompt nselist.exe, it's rather self-explanatory - needs one of two switches, /b and /m, to list either binary or macro virruses. Remember you can use the ">" switch to send the results to a file, for ex:

nselist /b > list.txt

How can I check to ensure that I have the most up-to-date Anti-Virus definitions?  I think mine are out-dated?

Here's what I've got (as of 06/06/05 at 10:15AM CST)...from my spamfilter.ini file:

AVUpdateURL=https://www.logsat.com/SpamFilter/
AVEnableUpdates=1
NvcBinDate=5/2/05 12:41:18 PM
NvcIncrDate=6/4/05 4:52:50 PM
NvcMacroDate=5/2/05 12:41:20 PM

Can someone verify that these are the most up-to-date definitions?  I think some viruses are passing through without being "trapped" by SpamFilter.  I've clicked the 'Update Now' button, but I've only seen the NvcIncrDate change, the other two have never changed.

Thanks,

GJ

 

Dan,

I have Symantec real-time scanner running on my SpamFilter/Email server as well, so I don't have any reports that a virus got through.  I do know that my Symantec scanner has removed the Mytob.CU, Mytob.DB, and Mytob.DF, and all of which aren't shown in the list when I run the nselist /b.  So, I just want to make sure that my Norman def's are up to date, in case my Symantec hicups and doesn't catch the viruses.

Also, this is how I understand it, correct me if I'm wrong...Since I have Symantec real-time scanner, and the Norman Anti-Virus plug in for SpamFilter on the same machine, in many cases Symantec might remove the virus before Norman does.  When emails come in, it's put in the "temp" folder, then I beleive Norman cleans viruses from the folder (but in many cases Symantec might clean the virus before Norman does).

GJ

Dan,

Thanks for the information... Interestingly enough, I went into the spamfilter.ini and removed the Date and Time from each of the four AV entries, then stopped and re-started the SpamFilter service, and the system re-downloaded the Norman files.

Now when I run the nselist /b, it shows:

NSE Norman Scanner Engine Version 05.82.01
nvcbin.def Version 05.82 of 2005/06/04 65535 signatures

...and the new nselist /b does show protection on more viruses (including the three Mytob viruses I named in my previous post).

Although, in SpamFilter, on the AntiVirus tab, my NvcBin.def still shows a date of 05/02/05 12:41:18PM, but when I run the nselist /b, the nvcbin.def shows 06/04/05.  Very confusing!

I guess clearing out the ini AV entries, forced the SpamFilter to download new def's, so I hope I don't have this issue in the future (or I hope no one else has this issue).

Thanks Dan!

Greg

Dan, thanks, I understand now.

I re-ran the nselist you re-compiled and I show the same header information as you have.  I guess I'll check the header information in the nselist /b file for the next couple of days to make sure my def's are downloading correctly.

Thanks again for your help!!

GJ