
Virus Definitions

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5205
Printed Date: 12 March 2025 at 11:42pm


Topic: Virus Definitions
Posted By: Desperado
Subject: Virus Definitions
Date Posted: 01 June 2005 at 9:21am

Roberto,

How can we check if a virus is in the defs?  I am getting a LOT of the W32.Mytob.CU@mm viruses passing through the filter.

The following Banned Attachments SHOULD help catch most but I have not yet tested them so use at your own risk:

((?i)[^\.]+\.((tmp)|(doc)|(htm)|(txt))[\s]*?\.((pif)|(scr)|(exe)|(cmd)|(bat)))


((?i)((email-info)|(email-doc)|(information)|(account-details)|(document)|(INFO))\.zip)


((?i)((instructions)|(info-text)|(information)|(hello)|(zcumgrr))\.zip)

Regards,



-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com
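An added example (mine, not code from the post, from LogSat or from SpamFilter ISP) that compiles Dan's three Banned Attachments patterns with Python's re module and runs them over constructed file names, so you can see what each rule catches and misses before turning it on. It assumes SpamFilter applies each entry to the attachment file name with unanchored search semantics (the page does not say how the filter matches), and it adds an end-anchored variant of the rules as a hardening suggestion of my own.

```python
import re
from typing import List, Optional

# The three Banned Attachments patterns from the post above, with the spaces
# the forum inserted into the long strings ("account-detail s", "zcum grr")
# removed so that they read as the regexes Dan meant.
PATTERNS = [
    r"((?i)[^\.]+\.((tmp)|(doc)|(htm)|(txt))[\s]*?\.((pif)|(scr)|(exe)|(cmd)|(bat)))",
    r"((?i)((email-info)|(email-doc)|(information)|(account-details)|(document)|(INFO))\.zip)",
    r"((?i)((instructions)|(info-text)|(information)|(hello)|(zcumgrr))\.zip)",
]


def _body(pattern: str) -> str:
    """Strip the outer group and its leading (?i) from one of the patterns.

    The post wraps the inline flag inside the outer group; Python 3.11+ rejects
    a global flag that is not at the very start of the expression, so the flag
    is re-applied at the front when compiling below.
    """
    if not (pattern.startswith("((?i)") and pattern.endswith(")")):
        raise ValueError("unexpected pattern layout: " + pattern)
    return pattern[len("((?i)"):-1]


# As posted: unanchored, so a rule fires anywhere inside the file name.
BANNED: List[re.Pattern] = [re.compile("(?i)(" + _body(p) + ")") for p in PATTERNS]

# Hardened variant (my addition, not from the post): require the match to end
# at the end of the file name, so "hello.zip.txt" is not caught by the
# "hello.zip" rule. Only the end is anchored; anchoring the start would break
# the double-extension rule for names with extra dots such as "a.b.doc.pif".
BANNED_ANCHORED: List[re.Pattern] = [
    re.compile("(?i)(?:" + _body(p) + r")\Z") for p in PATTERNS
]


def banned_attachment(filename: str, anchored: bool = False) -> Optional[int]:
    """Return the 1-based index of the first rule that matches, else None.

    Assumption (not stated on the page): SpamFilter applies each Banned
    Attachments entry to the attachment file name with unanchored search
    semantics, the way re.search does here.
    """
    rules = BANNED_ANCHORED if anchored else BANNED
    for index, rule in enumerate(rules, start=1):
        if rule.search(filename):
            return index
    return None


# Constructed file names (not from the thread) exercising each rule.
SAMPLES = [
    "readme.doc.pif",                  # double extension                  -> rule 1
    "letter.txt" + " " * 24 + ".scr",  # padding hides the real extension  -> rule 1
    "readme.docx.exe",                 # .docx is not in the first-extension list -> none
    "account-details.zip",             # -> rule 2
    "Information.ZIP",                 # case-insensitive; rule 2 wins over rule 3
    "zcumgrr.zip",                     # -> rule 3
    "HELLO.zip",                       # -> rule 3
    "hello.zip.txt",                   # unanchored rule 3 still fires
    "photos.zip",                      # legitimate name -> none
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:40} posted={banned_attachment(name)!s:5} "
              f"anchored={banned_attachment(name, anchored=True)}")
```

Run it with any Python 3 and compare the two columns: the second and third rules block every "hello.zip" or "information.zip" regardless of sender, so expect some legitimate attachments to be held, and the first rule only covers the four first extensions listed (a ".docx.exe" slips past it).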




Replies:
Posted By: LogSat
Date Posted: 01 June 2005 at 6:45pm
Dan,

I've uploaded at http://www.logsat.com/SpamFilter/pub/nselist.zip a small DOS utility. Just extract and run from a DOS prompt nselist.exe, it's rather self-explanatory - needs one of two switches, /b and /m, to list either binary or macro viruses. Remember you can use the ">" switch to send the results to a file, for ex:

nselist /b > list.txt





-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP


Posted By: Desperado
Date Posted: 01 June 2005 at 7:00pm

PERFECT!  And Thanks as usual!

Regards,



-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com



Posted By: GregJ
Date Posted: 06 June 2005 at 11:19am

How can I check to ensure that I have the most up-to-date Anti-Virus definitions?  I think mine are out-dated?

Here's what I've got (as of 06/06/05 at 10:15AM CST)...from my spamfilter.ini file:

AVUpdateURL=https://www.logsat.com/SpamFilter/
AVEnableUpdates=1
NvcBinDate=5/2/05 12:41:18 PM
NvcIncrDate=6/4/05 4:52:50 PM
NvcMacroDate=5/2/05 12:41:20 PM

Can someone verify that these are the most up-to-date definitions?  I think some viruses are passing through without being "trapped" by SpamFilter.  I've clicked the 'Update Now' button, but I've only seen the NvcIncrDate change, the other two have never changed.

Thanks,

GJ

 



Posted By: Desperado
Date Posted: 06 June 2005 at 11:40am

Greg,

The NvcIncrDate=6/4/05 4:52:50 PM is the "Incremental" def file so that is the most important date (I believe).  However, I, too, had some viruses sneak by but have not received any information from the customer as to WHAT virus it was. If you know what virus it is that got past your system, I think we all would like to know what it was.

Regards,



-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com



Posted By: GregJ
Date Posted: 06 June 2005 at 12:07pm

Dan,

I have Symantec real-time scanner running on my SpamFilter/Email server as well, so I don't have any reports that a virus got through.  I do know that my Symantec scanner has removed the Mytob.CU, Mytob.DB, and Mytob.DF, and all of which aren't shown in the list when I run the nselist /b.  So, I just want to make sure that my Norman def's are up to date, in case my Symantec hiccups and doesn't catch the viruses.

Also, this is how I understand it, correct me if I'm wrong...Since I have Symantec real-time scanner, and the Norman Anti-Virus plug in for SpamFilter on the same machine, in many cases Symantec might remove the virus before Norman does.  When emails come in, it's put in the "temp" folder, then I believe Norman cleans viruses from the folder (but in many cases Symantec might clean the virus before Norman does).

GJ



Posted By: Desperado
Date Posted: 06 June 2005 at 12:39pm

Greg,

My defs show all 3 that you list and my nselist header shows:

NSE Norman Scanner Engine Version 05.82.01
nvcbin.def   version 05.82 #0 99405 signatures. Built 2005/06/04 13:41:44

Also, I have a slightly newer version at http://spamman.mags.net/repl/norman/nselist.zip

Regards,



-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com



Posted By: GregJ
Date Posted: 06 June 2005 at 1:25pm

Dan,

Thanks for the information... Interestingly enough, I went into the spamfilter.ini and removed the Date and Time from each of the four AV entries, then stopped and re-started the SpamFilter service, and the system re-downloaded the Norman files.

Now when I run the nselist /b, it shows:

NSE Norman Scanner Engine Version 05.82.01
nvcbin.def Version 05.82 of 2005/06/04 65535 signatures

...and the new nselist /b does show protection on more viruses (including the three Mytob viruses I named in my previous post).

Although, in SpamFilter, on the AntiVirus tab, my NvcBin.def still shows a date of 05/02/05 12:41:18PM, but when I run the nselist /b, the nvcbin.def shows 06/04/05.  Very confusing!

I guess clearing out the ini AV entries, forced the SpamFilter to download new def's, so I hope I don't have this issue in the future (or I hope no one else has this issue).

Thanks Dan!

Greg



Posted By: Desperado
Date Posted: 06 June 2005 at 1:34pm

Greg,

A couple of things.  First, the 65535 is bogus, which is why I got the new one from Norman and compiled it (C code).  Also, the May dates are correct.  The incremental file is where the day-to-day updates are downloaded to.

Regards,



-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com



Posted By: GregJ
Date Posted: 06 June 2005 at 1:41pm

Dan, thanks, I understand now.

I re-ran the nselist you re-compiled and I show the same header information as you have.  I guess I'll check the header information in the nselist /b file for the next couple of days to make sure my def's are downloading correctly.

Thanks again for your help!!

GJ
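An added example (mine, not code from the thread, from LogSat or from Norman) that automates the check Greg says he will repeat over the next few days: it parses the Nvc*Date stamps out of spamfilter.ini and the nvcbin.def line out of nselist /b output, judges freshness on the newest stamp (per Dan's explanation that only the incremental date moves day to day), and flags the 65535 count that the original nselist prints. The sample ini and header text are constructed from the values quoted in the posts above; the 3-day staleness threshold and the warning wording are my own choices, not LogSat or Norman values.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple

# Sample input constructed from the values quoted in this thread: Greg's
# spamfilter.ini AV entries and the two nselist /b header variants.
SAMPLE_INI = """\
AVUpdateURL=https://www.logsat.com/SpamFilter/
AVEnableUpdates=1
NvcBinDate=5/2/05 12:41:18 PM
NvcIncrDate=6/4/05 4:52:50 PM
NvcMacroDate=5/2/05 12:41:20 PM
"""

# Header from Dan's rebuilt nselist (real signature count plus build time).
NEW_HEADER = """\
NSE Norman Scanner Engine Version 05.82.01
nvcbin.def   version 05.82 #0 99405 signatures. Built 2005/06/04 13:41:44
"""

# Header from the original nselist; the thread says its 65535 count is bogus.
OLD_HEADER = """\
NSE Norman Scanner Engine Version 05.82.01
nvcbin.def Version 05.82 of 2005/06/04 65535 signatures
"""

INI_DATE_KEYS = ("NvcBinDate", "NvcIncrDate", "NvcMacroDate")
INI_DATE_FORMAT = "%m/%d/%y %I:%M:%S %p"   # the form written in spamfilter.ini

_NEW_STYLE = re.compile(
    r"nvcbin\.def\s+version\s+(\S+)\s+#\d+\s+(\d+)\s+signatures\.\s+"
    r"Built\s+(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})", re.IGNORECASE)
_OLD_STYLE = re.compile(
    r"nvcbin\.def\s+version\s+(\S+)\s+of\s+(\d{4}/\d{2}/\d{2})\s+(\d+)\s+signatures",
    re.IGNORECASE)


class NselistHeader(NamedTuple):
    version: str
    signatures: int
    built: datetime


def parse_ini_datetime(value: str) -> datetime:
    """Parse one 'm/d/yy h:mm:ss AM' stamp; the ini stores the server's local time."""
    return datetime.strptime(value.strip(), INI_DATE_FORMAT)


def parse_ini_dates(ini_text: str) -> Dict[str, datetime]:
    """Return the Nvc*Date entries of spamfilter.ini as datetimes (blank ones skipped)."""
    found: Dict[str, datetime] = {}
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() in INI_DATE_KEYS and value.strip():
            found[key.strip()] = parse_ini_datetime(value)
    return found


def parse_nselist_header(output: str) -> NselistHeader:
    """Extract version, signature count and build date from nselist /b output.

    Both header layouts seen in the thread are accepted; the old layout carries
    no build time, so its date is taken as midnight.
    """
    m = _NEW_STYLE.search(output)
    if m:
        return NselistHeader(m.group(1), int(m.group(2)),
                             datetime.strptime(m.group(3), "%Y/%m/%d %H:%M:%S"))
    m = _OLD_STYLE.search(output)
    if m:
        return NselistHeader(m.group(1), int(m.group(3)),
                             datetime.strptime(m.group(2), "%Y/%m/%d"))
    raise ValueError("no nvcbin.def header line in nselist output")


def check_definitions(ini_dates: Dict[str, datetime], header: NselistHeader,
                      now: datetime, max_age_days: int = 3) -> List[str]:
    """Return warnings; an empty list means the definitions look current."""
    warnings: List[str] = []
    for key in INI_DATE_KEYS:
        if key not in ini_dates:
            warnings.append(f"{key} missing from spamfilter.ini")
    if not ini_dates:
        warnings.append("no Nvc*Date stamps at all: definitions stale or never downloaded")
        return warnings
    # As Dan explains above, NvcBinDate and NvcMacroDate record the last full
    # download and may legitimately sit weeks back; NvcIncrDate is where the
    # day-to-day updates land. Freshness is therefore judged on the newest stamp.
    newest_key = max(ini_dates, key=ini_dates.get)
    newest = ini_dates[newest_key]
    if now - newest > timedelta(days=max_age_days):
        warnings.append(f"definitions stale: newest stamp {newest_key}={newest:%Y-%m-%d %H:%M} "
                        f"is older than {max_age_days} days")
    # 65535 is 2^16-1, the ceiling of an unsigned 16-bit counter; the original
    # nselist prints it regardless of the real count, so it says nothing about coverage.
    if header.signatures == 0xFFFF:
        warnings.append("signature count 65535 is a saturated 16-bit value; use the rebuilt nselist")
    # The ini says a download happened; the file on disk should not be much older
    # than that stamp, otherwise the download did not actually replace it.
    if newest - header.built > timedelta(days=max_age_days):
        warnings.append(f"on-disk nvcbin.def built {header.built:%Y-%m-%d} lags "
                        f"the ini stamp {newest:%Y-%m-%d}")
    return warnings


if __name__ == "__main__":
    now = parse_ini_datetime("6/6/05 10:15:00 AM")   # Greg's stated check time
    dates = parse_ini_dates(SAMPLE_INI)
    for label, text in (("rebuilt nselist", NEW_HEADER), ("original nselist", OLD_HEADER)):
        header = parse_nselist_header(text)
        print(label, header, check_definitions(dates, header, now) or ["OK"])
```

On a live box you would feed it the real spamfilter.ini and the output of "nselist /b > list.txt" instead of the embedded samples; with Greg's values the rebuilt-nselist header passes cleanly and the original header is flagged only for its 65535 count.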



