CLEANACCESS Archives

February 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: "Rajesh Nair (rajnair)" <[log in to unmask]>
Reply To: Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date: Mon, 27 Feb 2006 10:37:17 -0800

Sirs,

The Clean Access Agent Report (CAM -> Clean Access -> Clean Access Agent
-> Reports) will clearly show which checks passed and you should see the
AV type checks only (not pc_ type checks). 

-Rajesh. 

-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Simon Kissler
Sent: Monday, February 27, 2006 8:59 AM
To: [log in to unmask]
Subject: Re: problem with antivirus update checks

Ok, I'm gonna ask the stupid question that's been lingering in my head
and I've been wanting to do some reading on for a while but realities
have not given me that luxury lately. I'm under the impression that
we're using the AV Rules from what I'm seeing on the CCA Manager,
however, we are seeing a similar problem to this on and off. How do I
tell for sure which ones we're using? (Yes, I know this is probably
somewhere in a manual that I should be reading, but I've done my fair
share of Cisco reading in the last two days and would just appreciate an
easy and clear answer to maybe get this taken care of)

Thanks,

-S



On Mon, 27 Feb 2006, Rajesh Nair (rajnair) wrote:

> Brian,
>
> All the AV type rules use >= for virus definition versions and "later 
> than" for virus definition dates.
>
> Based on what you mentioned in your first email, you are most
> certainly using the older pr_ type rules for checking virus
> definitions.
>
> If you are using an AV-rule for virus definition, you can see what
> values it is checking for at the bottom of the page when you edit/view
> the rule.
>
> Also, you mentioned that the student failed the requirement once.
> Take a look at the user's report (Clean Access Agent report on the
> CAM: CAM -> Clean Access -> Clean Access Agent -> Reports and then
> search for her report) and see which rule/check failed.  That will tell
> you for sure whether you are using AV rules or pr_ rules.
>
> HTH,
> -Rajesh.
>
> ________________________________
>
> From: Perfigo SecureSmart and CleanMachines Discussion List 
> [mailto:[log in to unmask]] On Behalf Of Brian Beausoleil
> Sent: Monday, February 27, 2006 8:21 AM
> To: [log in to unmask]
> Subject: Re: problem with antivirus update checks
>
>
>
> I am using the AV rules, but looking in the check/rule section.  Are 
> the AV rules using their own set of checks?  Is there a way to verify 
> the values if they are?
>
>
>
> ________________________________
>
> From: Perfigo SecureSmart and CleanMachines Discussion List 
> [mailto:[log in to unmask]] On Behalf Of King, Michael
> Sent: Monday, February 27, 2006 11:03 AM
> To: [log in to unmask]
> Subject: Re: problem with antivirus update checks
>
>
>
> Brian, are you using the AV rules, or are you using the actual
> Check/Rule in the rule list?
>
>
>
>
> ________________________________
>
>
> 	From: Perfigo SecureSmart and CleanMachines Discussion List 
> [mailto:[log in to unmask]] On Behalf Of Brian Beausoleil
> 	Sent: Monday, February 27, 2006 10:45 AM
> 	To: [log in to unmask]
> 	Subject: problem with antivirus update checks
>
> 	I have been battling with the Norton rules for a while now and found
> something I am wondering about.  I have a student with Norton 2006 and
> definitions of 2/26/2006.  Upon logging in, she fails.  I look at the
> Norton Update rules and see it looks for a string ending in 2/22/2006.
> Her definitions are newer, so in reality she should pass.  I created a
> rule that looks for a version later than 2/22/2006 and she passes.  I
> just checked a McAfee update rule and see it said a string contains
> version.  Why don't these update rules use the version later than
> feature?
>
>
>
> 	Is there a reason Cisco uses the current method (string ending in and
> string contains) and not the version later than?  It seems to me this
> would be more flexible since these companies produce def updates more
> often than once a week.
>
>
>
> 	Thanks for any feedback.
>
>
>
> 	Brian
>
>

-------------------------------------------------------------------------------
Simon Kissler                                   [log in to unmask]
UNIX Systems Administrator                      Phone: (219) 464 6773
Electronic Information Services                 Fax  : (219) 464 5381
Valparaiso University
Kretzmann Hall B22
Valparaiso, IN 46383
-------------------------------------------------------------------------------

              "There are two ways to write error-free programs.
                Only the third one works."
                                                          -Anon.

-------------------------------------------------------------------------------
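
The difference discussed in this thread between a "string ending in" update check and a "later than" date check, together with the `>=` version comparison, modeled as an added Python example; it is not code from the thread or from Cisco. The function names, the M/D/YYYY date format and the sample values are assumptions made for illustration.

```python
from datetime import date

def parse_def_date(text):
    """Parse an M/D/YYYY definition date; None if malformed."""
    try:
        month, day, year = (int(p) for p in text.strip().split("/"))
        return date(year, month, day)
    except ValueError:
        return None

def parse_version(text, width=4):
    """Parse a dotted numeric version, zero-padded to `width` parts."""
    try:
        parts = [int(p) for p in text.strip().split(".")]
    except ValueError:
        return None
    return tuple(parts + [0] * (width - len(parts)))

def ends_with_rule(reported, expected):
    """String check: passes only when the value ends in one exact string."""
    return reported.strip().endswith(expected)

def later_than_rule(reported, baseline):
    """Date check: passes for any parseable date strictly after baseline."""
    got, base = parse_def_date(reported), parse_def_date(baseline)
    return got is not None and base is not None and got > base

def version_at_least_rule(reported, minimum):
    """Version check: numeric >= per component, not string comparison."""
    got, need = parse_version(reported), parse_version(minimum)
    return got is not None and need is not None and got >= need

# Constructed sample values (not taken from a real agent report).
SAMPLE_DEF_DATES = ["2/26/2006", "2/22/2006", "2/15/2006", "unknown"]

def compare_rules(baseline="2/22/2006"):
    """Return {reported: (ends_with_result, later_than_result)}."""
    return {d: (ends_with_rule(d, baseline), later_than_rule(d, baseline))
            for d in SAMPLE_DEF_DATES}

if __name__ == "__main__":
    for reported, (exact, later) in compare_rules().items():
        print(f"{reported:>10}  ends-with={exact!s:5}  later-than={later}")
    # String comparison would rank "10.0.1" below "9.5"; numeric does not.
    print(version_at_least_rule("10.0.1", "9.5"))
```

A strict "later than" check rejects the baseline date itself, so in this model the baseline has to be set one release behind the oldest definitions that should pass.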
