Makes sense.
Matt
Colbeck, Andrew wrote:
A very basic:
was not working when
Scott (and then I) tried it. But it does now, including with
the -O parameter. I'd hazard a guess that they have some kind of
front-end webcache or cluster, and things weren't perfectly synched.
I'm using 1.10-something.
Andrew 8)
Scott and Andrew,
It does in fact work on my system. I'm using Wget 1.8.1+cvs. The beta
definitions do change very frequently, so this might throw you off.
Try executing a derivative of the following command twice and see what
happens (remove the line break and adjust the paths):
C:\Progra~1\wget\wget --limit-rate=1000k --progress=dot -t 3 -N -P
C:\Progra~1\McAfee\update\ http://download.nai.com/products/mcafee-avert/beta_packages/win_netware_betadat.zip
Matt
Scott Fisher wrote:
-Matt,
Does the wget -N command work
for you with Mcafee.
I also use the -N and get the
full download every time.
-----
Original Message -----
Sent:
Monday, September 12, 2005 4:13 PM
Subject:
Re: [Declude.Virus] Seemingly bad virus this morning
Nice script, but the executables don't change regularly, and many of us
are using the command line version of McAfee that requires an
unvalidated download. This also doesn't get the beta DAT's.
I use a script that calls both wget and WinZip's free command line
add-on (requires a registered WinZip). It is easy enough to replace
that with any other command line unzipping tool. Personally I find
WinZip to be perfectly reliable so I'm sticking with it.
C:\Progra~1\wget\wget --limit-rate=1000k
--progress=dot -t 3 -N -P C:\Progra~1\McAfee\update\ http://download.nai.com/products/mcafee-avert/beta_packages/win_netware_betadat.zip
2>&1 | find "100%%"
IF ERRORLEVEL 1 GOTO END
C:\Progra~1\WinZip\wzunzip -ybc
C:\Progra~1\McAfee\update\win_netware_betadat.zip C:\Progra~1\McAfee\
:END
ENDLOCAL
Matt
Markus Gufler wrote:
attached you can find a script
(I'm not the creator of this script but can't remember who's the
genius) that will download the superdats and also the dailydat-files,
extract all necessary virus definitiions and also engine updates, write
any action to a logfile and keep the downloaded superdats so that you
can't revert manualy if it would be necessary.
You need some command line tools
like unzip and wget and adapt the path information in the script for
your needs.
This script works on my server
now for years and I hope it will do so also if now a lot of people will
run it on their servers.
Markus
Hmm, yes.
Something along the lines of:
and then parsing out the line:
FileName=dat-4579.zip
or
DATVersion=4579
in order to construct the
filename... but it seems like re-inventing the wheel. The readme.txt
talks about a SuperDAT downloading mechanism, which sounds exactly like
the F-Prot GUI downloader.
Andrew 8)
Hi Matt -
Matt wrote:
I was wrong about what was detecting it first...it was F-Prot. I just
figured out that my McAfee update script is no longer working. Does
anyone have a newer link to the daily DAT's than http://download.nai.com/products/mcafee-avert/daily_dats/DailyDAT.zip.
This link works -
ftp.nai.com
/pub/antivirus/datfiles/4.x
-Nick
Thanks,
Matt
John Tolmachoff (Lists) wrote:
OK, so it is cpl file, which we should all have in our list of banned
extensions including banned if within a zip file, so we should all be safe,
correct?
John T
eServices For You
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Dan Geiser
Sent: Monday, September 12, 2005 11:49 AM
To: [email protected]
Subject: Re: [Declude.Virus] Seemingly bad virus this morning
I opened the zip file and it contained one file called "1.cpl" (without
the
quotes). Some sort of malicious Control Panel applet?
----- Original Message -----
From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, September 12, 2005 11:55 AM
Subject: RE: [Declude.Virus] Seemingly bad virus this morning
What is the payload inside the zip?
John T
eServices For You
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Matt
Sent: Monday, September 12, 2005 7:52 AM
To: [email protected]
Subject: [Declude.Virus] Seemingly bad virus this morning
FYI, We found a rapidly spreading zip virus beginning at about 8:15
a.m.
this morning, first coming from Eastern Europe. McAfee seems to be
detecting all of them now, but F-Prot as of this moment is not on our
system. Every attachment name seemingly contained the word "price".
Here's a quick filter that I had put together for it:
HEADERS END NOTCONTAINS boundary="--------
BODY END NOTCONTAINS attachment; filename="
BODY END NOTCONTAINS .zip" Content-Transfer-Encoding
BODY 15 CONTAINS price
Matt
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
-------------------------------------------------------------------
E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan)
-------------------------------------------------------------------
E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan)
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
|
