LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

September 2005

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS September 2005

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Cisco rules vs local rules
From:	"Pender, Anne" <[log in to unmask]>
Reply To:	Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date:	Wed, 21 Sep 2005 14:21:24 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (73 lines)

John,

I agree on the need for better troubleshooting.  Just as we got the
ability to see which check was failing on most rules, we lost
transparency again because we have no way to tell what the AV rule is
actually looking for.

I've found that McAfee Security Center (VirusScan that's not Enterprise)
is not very communicative, either, and that may be the cause of your
problem in this case.  I've seen it cheerfully report "up to date" with
a months-old DAT and no network connection at all - just because you
can't find any information one way or the other doesn't mean you should
assume you're updated, silly program!  

There's no manual way (that I've found) to locally run an update in
non-Enterprise, the downloadable DATs for Enterprise will not work.
(Their model is a subscription for DAT updates, so they don't want you
to be able to download an updater and pass it around, they want to check
your identity and status every time.)  So until you can get the built-in
update to work properly, you're stuck.

McAfee also seems to delay getting the new DATs out to the Security
Center download site.  Your troubles this week may have been related to
having two DATs come out in one day on Monday due to the rash of Bagle
variants mailing themselves around.

It would definitely be great to be able to say DAT-1 is OK too in Clean
Access.  We require our students to use VirusScan Enterprise (and
provide it, free of charge), which is a bit easier to deal with (still
no picnic).  So we don't have a burning need to get around it.  Faculty
and staff on their personally owned machines do get VirusScan and
Security Center, so I see it occasionally when they bring their personal
laptop onto our wireless network and need to get authenticated.

-Anne

--
Anne Bower Pender
Computing Support Analyst, Student Services
Information Technology Services, Davidson College
[log in to unmask]


-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of John Rocchio
Sent: Wednesday, September 21, 2005 1:54 PM
To: [log in to unmask]
Subject: Cisco rules vs local rules

We continue to have sporadic problems with CCA and McAfee.  I was
helping a student yesterday who had a one-day old DAT file, and CCA
wouldn't let her on.  I visit the update site with the software (McAfee
Security Center) and it says its up to date.  I go to their web site and
there is today's DAT file available for download.  I try downloading it
and updating McAfee and it fails, saying there is no eligible product to
update.

I think we as a group need to continue (or start) bugging them about
providing better diagnostics to identify what the failure is.

I'd also like to see if some adjustments can be made for a more liberal
interpretation of "up to date", locally configurable of course.  As far
as I'm concerned a one-day old update of McAfee is still OK to use the
network, but Cisco only seems to accept the absolute most current
version.

Have you written your own rules to deal with these situations?

John Rocchio
ResNet Manager
UC Santa Cruz

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU