Hi guys... we have in company the SAV 8.1 in a 2k3 Server .. i had read here some posts saying go to 7.6 but we cannot do that... There is any way we can use the vscand.exe ? or to find it from somewhere? (it dont exist in our 8.1 installation).
Thx
Chris
How i setup SAV 8.1 with MailEnable?
-
ms
It works perfect
we use also NAV 8.1 and the mailchecking.
in articles before you can read:
1) Make a directory on your server (C:\NAVCorp) and copy the files from the following directory or CD 2 of NAVCE to it:
navcorp\rollout\avserver\clients\dos
2) Open the MailEnable administration program. Expand the Servers->Localhost->Agents branch, right click on the MTA icon and select Properties from the popup menu. Select the Anti-Virus tab from the window that appears.
3) Make sure that the "Enable anti-virus support" checkbox is selected.
4) Select the "Norton AntiVirus Corporate Edition" item from the list of available anti-virus applications.
5) Make sure that the "Enable" (or "Enable selected anti-virus application") is selected.
6) For the program path, select the "vscand.exe" application from the directory you created in Step 1.
7) Save changes.
Stop the MTA service.
9) NAVCE requires Administrative privileges to run. Since the MTA runs under the LocalSystem account, you need to change this to an account with Administrative privileges. Open the Services control panel applet. For the "MailEnable Mail Transfer Agent" service, change the user account it runs under to a Windows user account that has Administrative right (ie. a member of the Administrators group).
10) You must configure NAVCE to ignore the MailEnable directories for scanning (either resident or scheduled) as they will cause problems with the scan. If you have your data and program files for MailEnable in different directories, remember to exclude both of them from NAVCE scanning.
11) Start the MTA service.
12) Make sure you are updating your virus definition files. See the NAVCE documentation for how to do this.
13) Test the configuration by emailing yourself the Eicar test virus from http://www.eicar.com. You can also perform nore advanced testing and debugging by following the details in this article - http://www.mailenable.com/kb/viewarticle.asp?aid=85
oder hier:
Testing MailEnable Anti-virus
When you first set up an AV solution, it can be helpful to follow the steps below to make sure it is working correctly:
1) Stop the MTA service
2) Configure the AV options
3) Open a command prompt, navigate to the Mail Enable\bin directory, and enter the following command:
MEMTA -debug
This will run the MTA service in debug mode and will let you see what is happening (i.e. whether the emails are being scanned).
4) Download and send the test virus from http://www.eicar.org/ This is just a test file that virus checkers pick up, and ideal to test with. You should see the virus checker write output to the screen when the email goes through.
5) To stop the MEMTA service, press Control-C on your keyboard. You can then start the MTA service through the Admin program normally.
TO Autoupdate the virus definitions:
(file name: run-navup.cmd)
--------------------------------
C:
IF NOT EXIST C:\NAVCorp\nul GOTO End
CD \NAVCorp
IF EXIST vplog.rpt DEL vplog.rpt
IF EXIST navup.exe DEL navup.exe
FTP -s:ftp-navup.txt
IF ERRORLEVEL=1 GOTO End
IF NOT EXIST navup.exe GOTO End
navup.exe < Y.txt
:End
--------------------------------
(file name: ftp-navup.txt)
-----------------------------
OPEN ftp.symantec.com
anonymous
test@test.com
BIN
CD /public/english_us_canada/antivirus_definitions/norton_antivirus/
GET navup.exe
BYE
-----------------------------
(file name: y.txt)
-------------------
Y
-------------------
Create the above files in C:\NAVCorp and schedule "run-navup.cmd" to run one each day.
dont forget from time to time to remove the old definitions manally, you get every day 4MB!
has anyone a idea how to remove the old definitions automatically?
is there a command to delete *.vbs files which are older than one week?
in articles before you can read:
1) Make a directory on your server (C:\NAVCorp) and copy the files from the following directory or CD 2 of NAVCE to it:
navcorp\rollout\avserver\clients\dos
2) Open the MailEnable administration program. Expand the Servers->Localhost->Agents branch, right click on the MTA icon and select Properties from the popup menu. Select the Anti-Virus tab from the window that appears.
3) Make sure that the "Enable anti-virus support" checkbox is selected.
4) Select the "Norton AntiVirus Corporate Edition" item from the list of available anti-virus applications.
5) Make sure that the "Enable" (or "Enable selected anti-virus application") is selected.
6) For the program path, select the "vscand.exe" application from the directory you created in Step 1.
7) Save changes.
Stop the MTA service. 9) NAVCE requires Administrative privileges to run. Since the MTA runs under the LocalSystem account, you need to change this to an account with Administrative privileges. Open the Services control panel applet. For the "MailEnable Mail Transfer Agent" service, change the user account it runs under to a Windows user account that has Administrative right (ie. a member of the Administrators group).
10) You must configure NAVCE to ignore the MailEnable directories for scanning (either resident or scheduled) as they will cause problems with the scan. If you have your data and program files for MailEnable in different directories, remember to exclude both of them from NAVCE scanning.
11) Start the MTA service.
12) Make sure you are updating your virus definition files. See the NAVCE documentation for how to do this.
13) Test the configuration by emailing yourself the Eicar test virus from http://www.eicar.com. You can also perform nore advanced testing and debugging by following the details in this article - http://www.mailenable.com/kb/viewarticle.asp?aid=85
oder hier:
Testing MailEnable Anti-virus
When you first set up an AV solution, it can be helpful to follow the steps below to make sure it is working correctly:
1) Stop the MTA service
2) Configure the AV options
3) Open a command prompt, navigate to the Mail Enable\bin directory, and enter the following command:
MEMTA -debug
This will run the MTA service in debug mode and will let you see what is happening (i.e. whether the emails are being scanned).
4) Download and send the test virus from http://www.eicar.org/ This is just a test file that virus checkers pick up, and ideal to test with. You should see the virus checker write output to the screen when the email goes through.
5) To stop the MEMTA service, press Control-C on your keyboard. You can then start the MTA service through the Admin program normally.
TO Autoupdate the virus definitions:
(file name: run-navup.cmd)
--------------------------------
C:
IF NOT EXIST C:\NAVCorp\nul GOTO End
CD \NAVCorp
IF EXIST vplog.rpt DEL vplog.rpt
IF EXIST navup.exe DEL navup.exe
FTP -s:ftp-navup.txt
IF ERRORLEVEL=1 GOTO End
IF NOT EXIST navup.exe GOTO End
navup.exe < Y.txt
:End
--------------------------------
(file name: ftp-navup.txt)
-----------------------------
OPEN ftp.symantec.com
anonymous
test@test.com
BIN
CD /public/english_us_canada/antivirus_definitions/norton_antivirus/
GET navup.exe
BYE
-----------------------------
(file name: y.txt)
-------------------
Y
-------------------
Create the above files in C:\NAVCorp and schedule "run-navup.cmd" to run one each day.
dont forget from time to time to remove the old definitions manally, you get every day 4MB!
has anyone a idea how to remove the old definitions automatically?
is there a command to delete *.vbs files which are older than one week?
Re: How i setup SAV 8.1 with MailEnable?
It does not install automatically but it is on the second "Legacy" disc that comes with 8.1.BlueChris wrote:There is any way we can use the vscand.exe ? or to find it from somewhere? (it dont exist in our 8.1 installation).
This solution works!!! It caught my .vbs test and all the tests that I run from http://www.gfi.com/emailsecuritytest/.
Thank you for the script that made the difference!
I am going modify minor details that will allow you to 'purge' old definitions. But if it is pulling down a new one EVERY day why not delete any of the .FDB files daily? The only issue I could see with that is if the FTP did not work properly and it deleted the only file you had. I am going to look into a few ideas.
Oh by the way, I had to modify the ftp-navup.txt (It was not logging in);
Thanks again!
Jerry
Thank you for the script that made the difference!
I am going modify minor details that will allow you to 'purge' old definitions. But if it is pulling down a new one EVERY day why not delete any of the .FDB files daily? The only issue I could see with that is if the FTP did not work properly and it deleted the only file you had. I am going to look into a few ideas.
Oh by the way, I had to modify the ftp-navup.txt (It was not logging in);
Code: Select all
OPEN ftp.symantec.com
user
anonymous
test@test.com
BIN
CD /public/english_us_canada/antivirus_definitions/norton_antivirus/
GET navup.exe
BYE
Jerry
I did everything listed above, and it appeared to work properly. I sent the test virus, and it caught it as expected. Then this morning I wanted to check to see if it was catching the sobig virus. I found 6 in a couple mailboxes during a manual scan. So I resent the test virus, and again, it caught it.
As for the virus definitions, I ran the update script before I did my initial testing and again before my second set of tests. No errors during the update that I could find.
Any ideas why it's not catching the sobig virus?
As for the virus definitions, I ran the update script before I did my initial testing and again before my second set of tests. No errors during the update that I could find.
Any ideas why it's not catching the sobig virus?
Two possiblities come to mind. Vscand may not have been able to launch another instance, but more likely the six that it found were from servers returning an entire undeliverable message. The virus is encoded within the attached message so Vscand does not detect the virus. ME's pros are looking at a way to break out attachments to attachments so that this will not happen.
I will take a closer look at the next few that get by.
But on a similar note, is there any way for it to let me know what the virus it found was? The e-mail notification and logs only show that it was stripped. Is there any way to get a log similar to the output of the -debug command to a logfile? It says what the virus was in the -debug output.
But on a similar note, is there any way for it to let me know what the virus it found was? The e-mail notification and logs only show that it was stripped. Is there any way to get a log similar to the output of the -debug command to a logfile? It says what the virus was in the -debug output.
This works fine for me and updates the virus definitions daily without a problem.
The only problem I'm having is getting VSCAN to detect VBS viruses, is there anything special I have to do?
When I do the email test on , http://www.windowsecurity.com/emailsecuritytest/ , the VBS virus is never detected by the server but it is always detect by my desktop virus checker on the client.
The only problem I'm having is getting VSCAN to detect VBS viruses, is there anything special I have to do?
When I do the email test on , http://www.windowsecurity.com/emailsecuritytest/ , the VBS virus is never detected by the server but it is always detect by my desktop virus checker on the client.
-
Renier
Re: It works perfect
12) Make sure you are updating your virus definition files. See the NAVCE documentation for how to do this.
I have a small problem with this updating.
I've a Norton A V Corp 8.1 on c:\ ( win 2k server )
Then i've installed mail enable on D:\
I've made a d:\Navcorp and i have changed your file ( c --> d: )
What is the procedure to upgrade the exe file in d:\navcorp ?
Have i download all file in symantec ....
can you help me ?
The exe file doesn't found any virus ... because it is not updated...
Thank
I have a small problem with this updating.
I've a Norton A V Corp 8.1 on c:\ ( win 2k server )
Then i've installed mail enable on D:\
I've made a d:\Navcorp and i have changed your file ( c --> d: )
What is the procedure to upgrade the exe file in d:\navcorp ?
Have i download all file in symantec ....
can you help me ?
The exe file doesn't found any virus ... because it is not updated...
Thank
Puzzled,
Does your virus check detect VBS viruses?
Does your virus check detect VBS viruses?
puzzled wrote:When you are running both SAV and vscand, you have it made. Create a batch file that copies all .vdb files to the navcorp folder. Use Scheduled Tasks to run the batch file daily.
====VDUPDATE.CMD===========
copy c:\progra~1\SAV\*.vdb c:\navcorp
==========================
-
Renier
another little question
Well, thank for your help. I've manually copied all dit.vbd and the dos Antivirus is updated and see the mail with virus.puzzled wrote:When you are running both SAV and vscand, you have it made. Create a batch file that copies all .vdb files to the navcorp folder. Use Scheduled Tasks to run the batch file daily.
====VDUPDATE.CMD===========
copy c:\progra~1\SAV\*.vdb d:\navcorp
==========================
I'm on the right way, but there is another little problem...
In test mode the dos prompt write this message
========================================
+---------------------------------------------+
| Norton AntiVirus Corporate Edition |
| Copyright (C) Symantec Corporation 1999 |
| All rights reserved |
+---------------------------------------------+
Windows NT detected, disabling boot sector scan
Preparing to scan...
Unable to locate a virus pattern file in directory D:\NAVCORP\
Returned 2
Attachment (1) Found - Processing
Attachment Processing Completed
Attachment (2) Found - Processing
Attachment Processing Completed
Attachment (3) Found - Processing
Attachment Processing Completed
Scanning: d:\PROGRA~2\MAILEN~1\Scratch\FDC19F~1.MAI\1.ATT
DOS/16M Protected Mode Run-Time Version 6.01
Copyright (C) Tenberry Software Inc. 1987 - 1995
+---------------------------------------------+
| Norton AntiVirus Corporate Edition |
| Copyright (C) Symantec Corporation 1999 |
| All rights reserved |
+---------------------------------------------+
Windows NT detected, disabling boot sector scan
Preparing to scan...
Unable to locate a virus pattern file in directory D:\NAVCORP\
Returned 2
Scanning: d:\PROGRA~2\MAILEN~1\Scratch\FDC19F~1.MAI\2.ATT
DOS/16M Protected Mode Run-Time Version 6.01
Copyright (C) Tenberry Software Inc. 1987 - 1995
+---------------------------------------------+
| Norton AntiVirus Corporate Edition |
| Copyright (C) Symantec Corporation 1999 |
| All rights reserved |
+---------------------------------------------+
Windows NT detected, disabling boot sector scan
Preparing to scan...
Unable to locate a virus pattern file in directory D:\NAVCORP\
Returned 2
========================================
It seem that it cannot locate a virus pattern file in directory D:\NAVCORP\
What is the problem now ?
thank for response
I have an updated sobig MTA script that is working well for me- email me at johnw@allprosoftware.com if you'd like a copy. Use at your own risk 
.
.