InterScan VirusWall is available as a download from Trend Micro. UC has a site license. The serial number for the license is IVEF-9997-0258-6837-5455.
bennett | https://bennett.eecs.berkeley.edu:8443/interscan | www's password | /usr/local/iscan |
andrews | https://andrews.eecs.berkeley.edu:8443/interscan | www's password | /usr/local/iscan |
gigadev | https://gigadev.eecs.berkeley.edu:8443/interscan | www's password | /home/iscan |
markov | https://markov.eecs.berkeley.edu:8443/interscan Note that this port might not be available outside the firewall; in that case, use a Windows Remote Desktop connection to connect to a host inside the firewall (such as gigavault) and then connect to markov. | "admin" user, www's password | /usr/local/iscan |
gigascale | https://www.gigascale.org:8443/interscan | www's password | /home/iscan |
cd /etc/iscan
/usr/local/apache/bin/htpasswd .htpasswd admin
It might be worth turning off the virus scanner website, since the departmental scanner says it has problems. To do this, do
mv /etc/rc2.d/S99IScanHttpd /etc/init.d/IScanHttpd
/etc/init.d/IScanHttpd stop
To start it up, do
/etc/init.d/IScanHttpd start
http://www.trendmicro.com/download/pattern.asp
http://www.trendmicro.com/ftp/products/pattern/cpr/
/etc/iscan
cd /etc/iscan
tar -xf /tmp/ptnNN.tar
/usr/local/adm/trendpatternupdate:
#!/bin/sh
# Sadly, Trend Micro's update does not work under Solaris 10.
#
# If you use this, update root's crontab to look like:
#
#0 * * * * /etc/iscan/prescan.cgi
# 30 * * * * /bin/csh -c "/usr/local/adm/trendpatternupdate" > /tmp/trendpatternupdate.log 2>&1

# Download the latest pattern tar file
updateURL=`lynx -dump http://www.trendmicro.com/download/viruspattern.asp | grep http://www.trendmicro.com | grep ".tar" | awk '{print $2}'`
# Stop here if the page could not be fetched or parsed; otherwise the
# rest of the script would restart the mail daemon for nothing.
if [ "x$updateURL" = "x" ]; then
    echo "$0: could not find a pattern tar file URL"
    exit 1
fi
cd /tmp
# wget -nv means "turn off verboseness, without being quiet."
# Note: the tar file is fetched over plain HTTP and unpacked as root
# with no integrity check.
wget -nv $updateURL
tarfile=/tmp/`basename $updateURL`
maillog=/tmp/trendpatternupdate_mail.txt
echo "Downloaded $tarfile:" > $maillog
echo "`ls -l $tarfile`" >> $maillog

# Check to what we last updated to.
lastpatternfile=`ls -1tr /etc/iscan/lpt*vpn.[0-9]* | tail -1`
lastpatternnumber=`echo $lastpatternfile | awk '{print substr($0,length($0)-2, 3)}'`
newpatternnumber=`basename $updateURL | awk '{print substr($0,4,3)}'`

# Only update if we have to
if [ "$lastpatternnumber" = "$newpatternnumber" ]; then
    cat $maillog
    echo "$0: patterns are the same: ($lastpatternnumber == $newpatternnumber), no need to restart"
    rm -f $tarfile
    exit
fi
echo "$0: Updating from $lastpatternnumber to $newpatternnumber" >> $maillog

# Untar and restart the daemon
cd /etc/iscan
tar -xf $tarfile
/etc/rc2.d/S99ISmaild stop
sleep 1
shouldBeEmpty=`/bin/ps -ef | grep /etc/iscan/isdelvd | grep -v grep`
if [ "x$shouldBeEmpty" != "x" ]; then
    echo "$0: WARNING: /etc/rc2.d/S99ISmaild stop failed to stop, isdelvd is still running" >> $maillog
    echo "$shouldBeEmpty" >> $maillog
fi
/etc/rc2.d/S99ISmaild start
shouldNotBeEmpty=`/bin/ps -ef | grep /etc/iscan/isdelvd | grep -v grep`
if [ "x$shouldNotBeEmpty" = "x" ]; then
    echo "$0: WARNING: /etc/rc2.d/S99ISmaild failed to start, run" >> $maillog
    echo "/etc/rc2.d/S99ISmaild by hand" >> $maillog
fi
echo "Restarted isdelvd:" >> $maillog
echo "$shouldNotBeEmpty" >> $maillog
# Mail the summary to root (the subject's closing backquote was missing)
/usr/ucb/Mail -s "Trend Pattern Update: `basename $updateURL`" root < $maillog
cat $maillog
rm -f $tarfile
This script runs every hour, downloads the latest file and then restarts the daemon if necessary.
http://kb.trendmicro.com/solutions/search/main/search/solutionPrint.asp?solutionID=15724
IVEF-9997-0258-6837-5455
% cd /home/tools/viruswall
% ./isinst
% cd /home
% ln -s /export/home/iscan .
% cd /home/iscan
% mkdir logs
% chown iscan.iscan logs
% mkdir virus
% chown iscan.iscan virus
SSLCertificateFile
directive,
and copy & paste the directive
from /usr/local/apache/conf/ssl.conf.
SSLCertificateKeyFile
directive.
On Solaris:
% /etc/rc2.d/S99IScanHttpd stop
% /etc/rc2.d/S99IScanHttpd start
On Linux:
% /etc/init.d/iscanhttpds stop
% /etc/init.d/iscanhttpds start
localhost #127.0.0.1
#128.32.48.209 #128.32.48.160 #128.32.48.161
gigascale.eecs.berkeley.edu gigascale.org chess.eecs.berkeley.edu
embedded.eecs.berkeley.edu
"
On Solaris:
% /etc/rc2.d/S88sendmail stop
% /etc/rc2.d/S88sendmail start
On Linux:
% /etc/init.d/sendmail stop
% /etc/init.d/sendmail start
Test virus scanning by sending an email with a test attachment obtainable at http://www.trendmicro.com/vinfo/testfiles.
begin 755 eicar.com.uu
M6#5/(5 E0$%06S1<4%I8-30H4%XI-T-#*3=])$5)0T%2+5-404Y$05)$+4%.
95$E625)54RU415-4+49)3$4A)$@K2"H-"C=]
end
etc/iscan/intscan.ini
and add relay IP addresses by hand, then restart sendmail as above. You may also need to restart the webserver, otherwise the Java apps might not see the changes.
In mh on doppler, I needed to edit
/opt/nmh-1.0.4/etc/mts.conf
# List of smtp servers to try if using smtp support
servers: localhost
so that users on the clients could use mh to send email to domains outside of eecs.
chylands at yahoo.com: post: unexpected response; [RPLY] 554 <>... Relay operation rejected send: message not delivered to anyone
Another thing to try would be the smart server entry in sendmail.cf
It runs as a daemon process, called isdelvd, that listens to port 25, the default port for sendmail. It checks any attachments to mail messages for various kinds of viruses. If any are found, it removes the virus from the attachment if possible, or else removes the attachment altogether, saving it in a quarantine directory, /home/iscan/virus. It then adds text to the message saying what it did (if any virus was found), and sends the message on to sendmail, which now listens to port 10025, to be delivered to the recipient.
InterScan VirusWall has a web-based administration tool, at https://www.gigascale.org:8443/interscan. It prompts for an ID and password. The ID is "admin", and the password is www's password.
There is a PDF manual for it, which is in the infrax forum article, InterScan VirusWall Manual. Allen also has a hard copy of the manual.
Information about viruses it detects is logged to /home/iscan/logs/virus.log.<date>.
Mail -v postmaster
Don't work.
cxh@bennett 33% Mail -v postmaster
Subject: A test to postmaster
Body Message
.
EOT
cxh@bennett 34% postmaster... Connecting to [127.0.0.1] via relay...
220-InterScan Version 3.81-Build_1098 $Date: 11/24/2005 15:38:0005$: Ready
220 bennett.EECS.Berkeley.EDU ESMTP Sendmail 8.13.6/8.12.9; Wed, 17 Dec 2008 11:16:40 -0800 (PST)
>>> EHLO bennett.EECS.Berkeley.EDU
250-bennett.EECS.Berkeley.EDU Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
>>> VERB
250 2.0.0 Verbose mode
>>> MAIL From: SIZE=78
250 2.1.0 ... Sender ok
>>> RCPT To:
>>> DATA
050 ... aliased to root
503 Need RCPT (recipient)
050 root... aliased to cxh@eecs.berkeley.edu, marys@eecs.berkeley.edu
250 2.1.5 ... Recipient ok
>>> RSET
250 2.0.0 Reset state
/home/eecs/cxh/dead.letter... Saved message in /home/eecs/cxh/dead.letter
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 bennett.EECS.Berkeley.EDU closing connection
The secret is that the IScan log file
12/17/2008 11:16:40 smtp[11790]: smtp[133]: << 503 Need RCPT (recipient)(By ISUX)
The message likely comes from ISSMTP/IScan.SMTP/issmtpd, or at least the strings command shows that
503 Need MAIL before RCPT (By ISUX) orcpt= ORCPT anti-relay skipped - [ check rcpt: orcpt= ORCPT anti-relay skipped -- [ 554 < >... Relay operation rejected original server timeout/disconnect while waiting RCPT command response. RCPT command Response ( ): Not add recipient address( ) in the list. rset helo
which indicates that the mail is being rejected because of a problem with RCPT, such as the fact that we are not accepting mail that does not have a domain.
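The "(By ISUX)" suffix in the log line above is what separates a reply generated by the InterScan front end on port 25 from one passed through from sendmail on port 10025. The following is an added example, not part of the original notes, that tallies those InterScan-generated replies from an IScan log read on standard input. It assumes every log line has the same layout as the single line quoted above; the function names and all sample lines except the first are constructed for illustration.

```sh
#!/bin/sh
# Added example: tally SMTP replies that InterScan generated itself,
# identified by the "(By ISUX)" suffix seen in the IScan log.

# isux_replies: read log lines on stdin, print "count reply" per distinct
# ISUX-generated reply, most frequent first.
isux_replies() {
    awk '
        / << [0-9][0-9][0-9] / && /\(By ISUX\)[ \t]*$/ {
            line = $0
            sub(/^.* << /, "", line)             # drop timestamp and process tags
            sub(/\(By ISUX\)[ \t]*$/, "", line)  # drop the origin marker
            sub(/[ \t]+$/, "", line)             # drop trailing blanks
            count[line]++
        }
        END { for (r in count) print count[r], r }
    ' | sort -k1,1nr -k2
}

# isux_count CODE: number of ISUX-generated replies with that status code.
isux_count() {
    awk -v code="$1" '
        /\(By ISUX\)[ \t]*$/ && index($0, " << " code " ") { n++ }
        END { print n + 0 }
    '
}

# Constructed sample: the first line is the one quoted in these notes; the
# others are made up in the same layout (assumption, not real log data).
sample_log() {
    cat <<'EOF'
12/17/2008 11:16:40 smtp[11790]: smtp[133]: << 503 Need RCPT (recipient)(By ISUX)
12/17/2008 11:20:02 smtp[11802]: smtp[133]: << 503 Need RCPT (recipient)(By ISUX)
12/17/2008 11:21:15 smtp[11810]: smtp[133]: << 250 2.1.0 Sender ok
12/17/2008 11:25:44 smtp[11823]: smtp[133]: << 554 <>... Relay operation rejected(By ISUX)
EOF
}

# Run with --demo to see the summary for the constructed sample.
if [ "${1:-}" = "--demo" ]; then sample_log | isux_replies; fi
```

A reply that appears in the Mail -v transcript but never with the "(By ISUX)" marker in the log came from sendmail, so the sendmail configuration is the place to look for it.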