RE: [Declude.Virus] McAfee DailyDAT download location change.

[Colbeck, Andrew]

Mr. Obvious says:   You would have to change the URL plus the name of the file you're unzipping!   So that I didn't have to change my script much, I changed my wget line to:   wget http://download.nai.com/products/mcafee-avert/beta_packages/win_netware_betadat.zip -O dailyscan.zip   The -O parameter tells wget to save the requested file with that particular filename.   I think that NAI/McAfee changed the path as part of the web interface change to funnel people through their EULA.  When I follow it through, the web interface takes you to a filenames that now have a dynamic instead of static name.   If they change the URL again, we may need a smarter script that can scrape out the correct name from the webpage.  Hopefully, they'll bring the static name back, perhaps parallel to the Stinger download.   Andrew 8)   p.s. I only use McAfee as a backup, standalone scanner.  Not part of my Declude at all.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, September 12, 2005 12:58 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] McAfee DailyDAT download location change. I changed the subject so that people can be alerted to this.  Announcements of things like this would be useful to the entire Declude customer base.  I am afraid that we are a little over a month behind.  Those with a single scanner would be screwed. I adjusted my scripts to use the link that you provided and it does in fact work just great...so far :) Thanks, Matt Scott Fisher wrote: Great catch Matt. Mine's gone too since August 2.... Thank you Declude for multiple virus scanner option.   Try: http://download.nai.com/products/mcafee-avert/beta_packages/win_netware_betadat.zip   From: http://groups.google.com/group/mailing.unix.amavis-user/browse_thread/thread/890f45b2e1cfdec9/61f1bcbcc4e71848?lnk=st&q=dailydat&rnum=1&hl=en#61f1bcbcc4e71848     ----- Original Message ----- From: Matt To: Declude.Virus@declude.com Sent: Monday, September 12, 2005 2:26 PM Subject: Re: [Declude.Virus] Seemingly bad virus this morning This is a new Bagel variant:     http://vil.nai.com/vil/content/v_129588.htm I was wrong about what was detecting it first...it was F-Prot.  I just figured out that my McAfee update script is no longer working.  Does anyone have a newer link to the daily DAT's than http://download.nai.com/products/mcafee-avert/daily_dats/DailyDAT.zip. Thanks, Matt John Tolmachoff (Lists) wrote: OK, so it is cpl file, which we should all have in our list of banned extensions including banned if within a zip file, so we should all be safe, correct? John T eServices For You -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Geiser Sent: Monday, September 12, 2005 11:49 AM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Seemingly bad virus this morning I opened the zip file and it contained one file called "1.cpl" (without the quotes). Some sort of malicious Control Panel applet? ----- Original Message ----- From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> To: <Declude.Virus@declude.com> Sent: Monday, September 12, 2005 11:55 AM Subject: RE: [Declude.Virus] Seemingly bad virus this morning What is the payload inside the zip? John T eServices For You -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, September 12, 2005 7:52 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] Seemingly bad virus this morning FYI, We found a rapidly spreading zip virus beginning at about 8:15 a.m. this morning, first coming from Eastern Europe. McAfee seems to be detecting all of them now, but F-Prot as of this moment is not on our system. Every attachment name seemingly contained the word "price". Here's a quick filter that I had put together for it: HEADERS END NOTCONTAINS boundary="-------- BODY END NOTCONTAINS attachment; filename=" BODY END NOTCONTAINS .zip" Content-Transfer-Encoding BODY 15 CONTAINS price Matt --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. ------------------------------------------------------------------- E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan) ------------------------------------------------------------------- E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan) --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.