Re: [Clamav-users] failure with 0.75.1 (was Re: success report on 0.75.1)
On Wed, 4 Aug 2004, Christopher McCrory wrote: On Fri, 30 Jul 2004 13:44:37 -0700, Christopher McCrory [EMAIL PROTECTED] wrote: FWIW , I updated to 0.75.1 today and it is working well. broken MIME Mydoom.M are (almost all) caught and mem usage is at ~14M. 0.75 would reach 1G ram then soon seg fault and fail. I was blocking all free@ instantly@ and noreply@ to keep the mem usage down. I started allowing these to test. so far no crashes. a few mydoom.M's got through, but they are probably fragments. clamav 0.75.1 rebuilt http://crash.fce.vutbr.cz/crash-hat/2/clamav/clamav-0.75.1-1.src.rpm RHEL3 plenty of ram and disk sendmail - clamav-milter - clamd Once per week we send a newsletter out to many people. This takes ~10 hours as it's not very optimized. One message per receipent, not one message - many. clamd keeps failing over I added --dont-scan-on-error to the clamav-milter args, the frequency was reduced, but not eliminated That's not good to hear mind telling us more about your setup, like what flags you pass to clamav-milter and any changes you made to your .conf files? Sounds like you're scanning outgoing mail, or are you sending stuff to your own users? Using rate-limiting options would probably save you here... specifically it sounds like the --dont-wait option to clamav-milter would save your arse. Please report back if you find a fix, but I'm betting on the --dont-wait Damian Menscher -- -=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] clamav-milter modifies subject
Hi, I recently installed clamav-milter 0.75 with sendmail 8.13.0 and I have the following effect: Clamav-milter modifies the Subject-line in the following cases: The Postmaster-alert-message contains the subject 1) Virus intercepted\n\ton servername 2) Messages being generated by the vacation-Program (bundled with sendmail) also get the string \n\ton servername appended to the Subject-line. How can I change this behaviour? Tnx, Armin --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] minor clamav-milter patch
On Wednesday 04 Aug 2004 07:17, Damian Menscher wrote: static const char *localAddresses[] = { ^127\\.0\\.0\\.1$, ^192\\.168\\.[0-9]*\\.[0-9]*$, ^172\\.1[6-9]\\.[0-9]*\\.[0-9]*$, ^172\\.2[0-9]\\.[0-9]*\\.[0-9]*$, ^172\\.3[0-1]\\.[0-9]*\\.[0-9]*$, ^10\\.[0-9]*\\.[0-9]*\\.[0-9]*$, NULL }; Commited as clamav-milter 0.75f. Thanks for this. -Nigel -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Template question
On Saturday 24 Jul 2004 18:52, Dan O'Brien wrote: Additional information: Virus: %v Daemon Name:{daemon_name} snip 0.75f now has improved template file handling. Thanks to you and to Sergey Y. Afonin [EMAIL PROTECTED] for pushing me on this. -Nigel -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] ClamAV devel, and email formats (was: Re: 0.75.1 not detecting many more viruses :-( )
Jesse wrote: 2.) I'm thinking of writing a general purpose Email module for the OCaml programming language. However, I think the ClamAV project is PROOF that there are more ways to package email than any one person can count. ASCII, Unicode, MIME, TNEF, UPX, Base64, etc... the list goes on and on, with more coming out every day, it seems. I think you maybe a little 'shocked and awed' by the plethora of possibilities. In my experience all you need to worry about is the MIME structure and make allowances for UU encoded attachments (there has to be exceptions, right?). MIME is described in rfcs 2045-2049 (2045 is the important one). If you want to produce the various parts of the email as sent then you'll need to handle TNEF, quoted-printable and base64. Things like Unicode, UPX, etc. are very much application details and shouldn't impact upon your email module - remember ClamAV handles these aspects itself. This is a little naive as a design document (TNEF is, strictly speaking from a MIME p-o-v, an application-specific problem) but hopefully it'll give you an idea of where to start. Think of MIME as describing a tree and you just want to decode (un-base64, un-quoted-printable, un-whatever) the leaves that interest you. I'm starting to think there may be some legs in producing XML from MIME for emails that flow through a process/work flow application - but that's definitely way OT. snip So, with that in mind, is there a document, or a group of documents out there that I can read (gimme RFCs, non-official standards, ANYTHING) that describe the plethora of standards ClamAV uses or plans to use in the future? Or maybe just a general list of what's currently out there? rfc822 is the daddy, rfc2045-2049 describe mime which sits on top of rfc822. TNEF is (a bugger) and is described here : http://msdn.microsoft.com/library/default.asp?url=/library/en-us/mapi/html/_ mapi1book_tnef_stream_structure.asp. There are almost more things beside these to consider but I've not come across them yet. HTH, Dan. --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Warning messages are queued after upgraded to 0.75.1
Dear all, After upgraded to 0.75.1, the warning messages Virus intercepted are queued on the mqueue, is it configurable in clamav.conf? Thanks, Martin Chan --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Warning messages are queued after upgraded to 0.75.1
Dear all, After upgraded to 0.75.1, the warning messages Virus intercepted are queued on the mqueue, is it configurable in clamav.conf? Turn off scanning of local messages. Thanks, Martin Chan -Nigel --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Amavis-new and Clamd
On Wed, 2004-08-04 at 23:01, Jeff Ramsey wrote: On Aug 4, 2004, at 7:48 PM, [EMAIL PROTECTED] wrote: - Original Message - From: Cody Dabb [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 04, 2004 4:11 PM Subject: [Clamav-users] Amavis-new and Clamd What is the best way to setup clamd with amavis-new? When email pass through our postfix server amavis gives the following error: amavis[3414]: (03414-12) WARN: all primary virus scanners failed, considering backups I have the clamd setup to be primary and backup AV scanner, it never seems to scan for viruses coming in. Config files: /etc/amavisd.conf $unix_socketname = /tmp/clamd; #$MYHOME/amavisd.sock; # amavis helper protocol socket @av_scanners = ( ### http://www.clamav.net/ ['Clam Antivirus-clamd', \ask_daemon, [CONTSCAN {}\n, /tmp/clamd], qr/\bOK$/, qr/\bFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], # # NOTE: run clamd under the same user as amavisd; match the socket # # name (LocalSocket) in clamav.conf to the socket name in this entry # # When running chrooted one may prefer: [CONTSCAN {}\n,$MYHOME/clamd], @av_scanners_backup = ( ### http://www.clamav.net/ ['Clam Antivirus - clamscan', 'clamscan', '--stdout --no-summary -r {}', [0], [1], qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], /etc/clamav.conf # which is only accessible for a user running daemon. LocalSocket /tmp/clamd User vscan Not an expert by any means but you should check the following: Is the socket file actually being created in /temp/clamd ? If not you probably have a permissions issue. Is vscan the Amivis user too? If not change the user to the Amavis user. Agreed. 95% of my startup issues were permission related. Just make sure that all of the clam/amavis/mailserver run as the same user. Or, I finally made a group called 'maildaemons', and made each pertenent account a member of it. I changed the group on all related files/directories to 'maildaemons'. Then I set the g+wr on all of the config and queue directories, and set the g+wrx on all of the related executables. It took me quite a while to get all of that set correctly, but it works now. --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users That was the problem! I found it right after I sent in the email.:) Once I changed the unix socketname back on the amavis everything started to work. Thanks everyone. --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Template question
Nigel Horne [EMAIL PROTECTED]wrote: 0.75f now has improved template file handling. Most excellent!! I'll give it a whirl when the next tarball is available. Dan --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] [PATCH] catch Mydoom.M binary fragments
On Thu, 5 Aug 2004, Trog wrote: The attached patch for clamav-0.75.1 will catch the files sent by Mydoom.M that have been reported as binary fragments. They will get reported as Mydoom.M.log Is this a one-time patch-against-0.75.1 or something that will show up in the development tree? I don't see it in CVS yet, but perhaps that just hasn't been updated yet. -- Charlie Watts Brainstorm Internet 970 247-1442 x113 [EMAIL PROTECTED] http://www.brainstorminternet.net/ --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Segmentation Fault in clamav-milter
On Thu, 2004-07-08 at 18:27, Nigel Horne wrote: On Thursday 08 Jul 2004 18:43, Robert Schmidt wrote: This is happening pretty frequently, 2 or 3 times per day. I upgraded from .70 to .74 to see if it made any difference. It didn't. Is 0.74b any better? Thanks for your help in the past Nigel. I have some more information for you. Sorry for replying to an old email, but we are still getting a large number of segmentation faults from clamav-milter and I have upgraded. I'm now running using LD_ASSUME_KERNEL=2.4.1 to avoid using tls (and confounding the problem). [EMAIL PROTECTED] tmp]# clamav-milter --version ClamAV version 0.75, clamav-milter version 0.75 Consider the following: -rw---1 clamav clamav 230113280 Aug 5 12:27 core.31046 -rw---1 clamav clamav 110624768 Aug 5 09:41 core.10306 -rw---1 clamav clamav 21757952 Aug 5 07:16 core.2502 -rw---1 clamav clamav 84955136 Aug 5 06:39 core.19641 -rw---1 clamav clamav 168656896 Aug 5 03:02 core.18995 -rw---1 clamav clamav 99598336 Aug 4 22:05 core.2370 -rw---1 clamav clamav 96075776 Aug 4 20:21 core.19319 -rw---1 clamav clamav 183545856 Aug 4 19:31 core.26330 -rw---1 clamav clamav 275963904 Aug 4 14:32 core.869 -rw---1 clamav clamav 326488064 Aug 4 13:48 core.32732 -rw---1 clamav clamav 202952704 Aug 4 12:19 core.11540 -rw---1 clamav clamav 15761408 Aug 4 07:59 core.25930 -rw---1 clamav clamav 153845760 Aug 4 07:21 core.9481 -rw---1 clamav clamav 164413440 Aug 4 05:36 core.24114 -rw---1 clamav clamav 105816064 Aug 4 01:30 core.21933 -rw---1 clamav clamav 143376384 Aug 3 23:53 core.17244 -rw---1 clamav clamav 30695424 Aug 3 19:14 core.9390 -rw---1 clamav clamav 199921664 Aug 3 12:37 core.6331 -rw---1 clamav clamav 204795904 Aug 3 11:33 core.24870 -rw---1 clamav clamav 184135680 Aug 3 07:33 core.27186 -rw---1 clamav clamav 242483200 Aug 2 13:33 core.14989 -rw---1 clamav clamav 149618688 Aug 1 21:06 core.29225 -rw---1 clamav clamav 15642624 Aug 1 10:25 core.22995 -rw---1 clamav clamav7016448 Aug 1 03:44 core.17306 [EMAIL PROTECTED] tmp]# gdb /usr/sbin/clamav-milter core.31046 GNU gdb Red Hat Linux (5.3.90-0.20030710.41rh) Copyright 2003 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as i386-redhat-linux-gnu... (no debugging symbols found)...Using host libthread_db library /lib/tls/libthre ad_db.so.1. Core was generated by `/usr/sbin/clamav-milter --max-children=300 --force-scan - -dont-scan-on-error --'. Program terminated with signal 11, Segmentation fault. Reading symbols from /usr/lib/libclamav.so.1...(no debugging symbols found)... done. Loaded symbols for /usr/lib/libclamav.so.1 Reading symbols from /usr/lib/libz.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libz.so.1 Reading symbols from /usr/lib/libbz2.so.1...(no debugging symbols found)... done. Loaded symbols for /usr/lib/libbz2.so.1 Reading symbols from /usr/lib/libgmp.so.3...(no debugging symbols found)... done. Loaded symbols for /usr/lib/libgmp.so.3 Reading symbols from /lib/i686/libpthread.so.0... (no debugging symbols found)...done. Loaded symbols for /lib/i686/libpthread.so.0 Reading symbols from /usr/lib/libwrap.so.0...(no debugging symbols found)... done. Loaded symbols for /usr/lib/libwrap.so.0 Reading symbols from /lib/i686/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib/i686/libc.so.6 ---Type return to continue, or q return to quit--- Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/ld-linux.so.2 Reading symbols from /lib/libnsl.so.1...(no debugging symbols found)...done. Loaded symbols for /lib/libnsl.so.1 Reading symbols from /lib/libnss_files.so.2...(no debugging symbols found)... done. Loaded symbols for /lib/libnss_files.so.2 Reading symbols from /lib/libnss_dns.so.2...(no debugging symbols found)... done. Loaded symbols for /lib/libnss_dns.so.2 Reading symbols from /lib/libresolv.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/libresolv.so.2 #0 0x0804c0d7 in clamfi_connect () (gdb) bt #0 0x0804c0d7 in clamfi_connect () #1 0x08051d2b in st_connectinfo () #2 0x0856bce0 in ?? () #3 0x015f7d94 in ?? () (gdb) -- Robert Schmidt -- UNIX Tech Support [EMAIL PROTECTED] MC1021 519-888-4567 x6453 --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in
[Clamav-users] Clamav Engine upgrades?
Over the past few days I've had a few reports of a virus getting through, and while the sig database has that virus listed (sigtool -l), I don't see any blocks in my messages log. I'm still running a slightly older version of clamav on most my boxes (0.72) since there were some issues with the newer versions over the past few weeks, though I'm thinking they may have been resolved? My main question is, that with some of these new signatures that have been released, do they need an upgrade of the scanning engine (libclamav?) itself? I'm guessing the answer is yes, and also wondering if there is a way to include automated notification when freshclam runs perhaps. Such that if freshclam downloads a signature and if the signature has a 'engine version requirement' or some attribute that can be compared against the installed engine, if the installed engine isn't newer, give a nasty warning in the log. Not sure if this has been discussed before, if so I appologize as I must have missed the thread. -- Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamav Engine upgrades?
On Thu, 5 Aug 2004, Ryan Moore wrote: Over the past few days I've had a few reports of a virus getting through, and while the sig database has that virus listed (sigtool -l), I don't see any blocks in my messages log. I'm still running a slightly older version of clamav on most my boxes (0.72) since there were some issues with the newer versions over the past few weeks, though I'm thinking they may have been resolved? Versions older than 0.75 will not catch all variants of Mydoom.M. Version 0.75.1 was released to resolve the stability issues, and seems to be working well for me. My main question is, that with some of these new signatures that have been released, do they need an upgrade of the scanning engine (libclamav?) itself? I'm guessing the answer is yes, and also wondering if there is a way to include automated notification when freshclam runs perhaps. Such that if freshclam downloads a signature and if the signature has a 'engine version requirement' or some attribute that can be compared against the installed engine, if the installed engine isn't newer, give a nasty warning in the log. That's a good idea. Not sure how they would add support for that, though, without having the version numbers change _very_ frequently. Not that having them change is a bad thing Not sure if this has been discussed before, if so I appologize as I must have missed the thread. It should probably be a FAQ. Damian Menscher -- -=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] [PATCH] catch Mydoom.M binary fragments
On 5 Aug 2004, at 09:09, Trog wrote: The attached patch for clamav-0.75.1 will catch the files sent by Mydoom.M that have been reported as binary fragments. They will get reported as Mydoom.M.log Thanks, -trog mydoom-log.diff This 'MIGHT' be a dumb question, but then I might be dumb !! How would one apply this patch to an existing installation ? Or is it a case of patching the installer files and re-installing ? Either way, how would you go about this ? RedHat 9 clamav-0.75.1 amavisd-new. Postfix Many thanks Robert. --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamav Engine upgrades?
On Thursday 05 August 2004 12:46 pm, Ryan Moore wrote: Such that if freshclam downloads a signature and if the signature has a 'engine version requirement' or some attribute that can be compared against the installed engine, if the installed engine isn't newer, give a nasty warning in the log. it already does this. search the archives for 'functionality level' WARNING: Your ClamAV installation is OUTDATED - please update immediately ! WARNING: Current functionality level = 1, required = 2 -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: Warning messages are queued after upgraded to 0.75.1
Nigel Horne wrote: Dear all, After upgraded to 0.75.1, the warning messages Virus intercepted are queued on the mqueue, is it configurable in clamav.conf? Turn off scanning of local messages. But...that means that an infected machine on the LAN will be able to send emails contained viruses using SMTP with RELAY??? Matías.- --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamav Engine upgrades?
Jeremy Kitchen wrote: On Thursday 05 August 2004 12:46 pm, Ryan Moore wrote: Such that if freshclam downloads a signature and if the signature has a 'engine version requirement' or some attribute that can be compared against the installed engine, if the installed engine isn't newer, give a nasty warning in the log. it already does this. search the archives for 'functionality level' WARNING: Your ClamAV installation is OUTDATED - please update immediately ! WARNING: Current functionality level = 1, required = 2 -Jeremy I didn't get any such warnings on any of my machines, they were all using clamav 0.72 with freshclam daemonized (with LogVerbose in freshclam.conf). Do you have to do anything special to get this sort of behavior? Also did anyone get these warnings when running a version previous to 0.75.1? Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Clamav Engine upgrades?
This is predicated on the developers of the database incrementing the functionality level when they make changes like this. I'm still not sure I get it, but there seems to be some resistance to doing this consistantly. Some changes in detection seem to make it into CVS, and I think future versions without a change in the db functionality level - so the code is there, and maybe it was originally for MAJOR changes - not simply one or two viruses that need the upgrade, but it doesn't seem to make sense for the way people use this project... my 2 cents. m/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ryan Moore Sent: Thursday, August 05, 2004 2:02 PM To: [EMAIL PROTECTED] Subject: Re: [Clamav-users] Clamav Engine upgrades? Jeremy Kitchen wrote: On Thursday 05 August 2004 12:46 pm, Ryan Moore wrote: Such that if freshclam downloads a signature and if the signature has a 'engine version requirement' or some attribute that can be compared against the installed engine, if the installed engine isn't newer, give a nasty warning in the log. it already does this. search the archives for 'functionality level' WARNING: Your ClamAV installation is OUTDATED - please update immediately ! WARNING: Current functionality level = 1, required = 2 -Jeremy I didn't get any such warnings on any of my machines, they were all using clamav 0.72 with freshclam daemonized (with LogVerbose in freshclam.conf). Do you have to do anything special to get this sort of behavior? Also did anyone get these warnings when running a version previous to 0.75.1? Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] [PATCH] catch Mydoom.M binary fragments
On 5 Aug 2004, at 20:29, Robert wrote: On 5 Aug 2004, at 09:09, Trog wrote: The attached patch for clamav-0.75.1 will catch the files sent by Mydoom.M that have been reported as binary fragments. They will get reported as Mydoom.M.log Thanks, -trog mydoom-log.diff This 'MIGHT' be a dumb question, but then I might be dumb !! How would one apply this patch to an existing installation ? Or is it a case of patching the installer files and re-installing ? Either way, how would you go about this ? RedHat 9 clamav-0.75.1 amavisd-new. Postfix Many thanks Robert. Replying to my own post, Google 'un-dumbs' you. Robert. --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: Warning messages are queued after upgraded to 0.75.1
On Thursday 05 Aug 2004 21:41, Matias Lopez Bergero wrote: Nigel Horne wrote: Dear all, After upgraded to 0.75.1, the warning messages Virus intercepted are queued on the mqueue, is it configurable in clamav.conf? Turn off scanning of local messages. But...that means that an infected machine on the LAN will be able to send emails contained viruses using SMTP with RELAY??? man clamav-milter, look for --outgoing Matías.- -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Another upgrade question.
I'm running Sendmail, Mailscanner, Spamassasin, and Clamav (0.70rc-1). I would like to upgrade Clamav. Tried yum but it continues to tell me there are no updates available. So on to plan two. I'm going to install from the RPMs but wasn't exactly sure of the process. This is my plan. 1. Stop Mailscanner (which will effectively stop Sendmail and Clamav, correct?) 2. Save my current clamav.conf to /tmp 3. rpm -e clamav 4. rpm -Uvh new clamav-db rpm package 5. rpm -Uvh new clamav package 6. copy clamav.conf back to /etc 6. restart Mailscanner Sorry if this is elementary but it's my first time and this is a production server that can't afford to be down long. I've searched the web and can't find any detailed instructions for this type of update (when one program is depending on others being there 24/7) Any hints, tips, tricks, and/or got-cha's would be helpful. TIA! Ken Ken Goods Network Administrator MIS Dept. AIA Insurance, Inc. --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] ClamAV-20040805
Dear users, the development version of ClamAV is mature enough to start using it instead of 0.7x stable releases. Please give it a try and report all bugs to [EMAIL PROTECTED] Thank you ! http://www.clamav.net/snapshot/clamav-20040805.tar.gz The above snapshot includes a new, memory efficient three-way scanning engine, a PE file analyzer, and is able to decompress executables packed with UPX, Petite, or FSG. Support for CAB and CHM archives, PowerPoint macros, and HTML normalisation was added. New features also include an improved email detection mechanism and support for detection of broken executable files and popular encrypted log files generated by Mydoom.M. Best regards, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Aug 5 23:44:42 CEST 2004 pgpSRhNEQ3FLt.pgp Description: PGP signature
Re: [Clamav-users] Clamav Engine upgrades?
Mitch (WebCob) wrote: Jeremy Kitchen wrote: On Thursday 05 August 2004 12:46 pm, Ryan Moore wrote: Such that if freshclam downloads a signature and if the signature has a 'engine version requirement' or some attribute that can be compared against the installed engine, if the installed engine isn't newer, give a nasty warning in the log. it already does this. search the archives for 'functionality level' WARNING: Your ClamAV installation is OUTDATED - please update immediately ! WARNING: Current functionality level = 1, required = 2 -Jeremy I didn't get any such warnings on any of my machines, they were all using clamav 0.72 with freshclam daemonized (with LogVerbose in freshclam.conf). Do you have to do anything special to get this sort of behavior? Also did anyone get these warnings when running a version previous to 0.75.1? Ryan Moore This is predicated on the developers of the database incrementing the functionality level when they make changes like this. I'm still not sure I get it, but there seems to be some resistance to doing this consistantly. Some changes in detection seem to make it into CVS, and I think future versions without a change in the db functionality level - so the code is there, and maybe it was originally for MAJOR changes - not simply one or two viruses that need the upgrade, but it doesn't seem to make sense for the way people use this project... IIRC freshclam doesn't even update the local database if your local installation has a too small functionality level. I guess it was implemented with major database format changes in mind, like 0.72 simply won't load databeses with the new md5 hashes in it (it would die). Just an educated guess though. Haven't looked at the sources. Thomas --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Another upgrade question.
Ken Goods wrote: I'm running Sendmail, Mailscanner, Spamassasin, and Clamav (0.70rc-1). I would like to upgrade Clamav. Tried yum but it continues to tell me there are no updates available. So on to plan two. I'm going to install from the RPMs but wasn't exactly sure of the process. This is my plan. 1. Stop Mailscanner (which will effectively stop Sendmail and Clamav, correct?) Not sure (not my config). Better stop sendmail and clamav, too. 2. Save my current clamav.conf to /tmp Always a wise decision ;-) 3. rpm -e clamav 4. rpm -Uvh new clamav-db rpm package 5. rpm -Uvh new clamav package Why not: rpm -Uvh clamav-db clamav ? Should keep track of everything (if the RPMs are built properly). If you're not sure, run something like find /etc /usr -name *clamav* -print after rpm -e and check for leftover libs or binaries and delete them manually. I've seen too many requests here which were tracked down to be old duplicate leftovers... 6. copy clamav.conf back to /etc 6. restart Mailscanner Sorry if this is elementary but it's my first time and this is a production server that can't afford to be down long. I've searched the web and can't find any detailed instructions for this type of update (when one program is depending on others being there 24/7) Any hints, tips, tricks, and/or got-cha's would be helpful. TIA! Ken Thomas --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Another upgrade question.
Ken Goods wrote: I'm running Sendmail, Mailscanner, Spamassasin, and Clamav (0.70rc-1). I would like to upgrade Clamav. Tried yum but it continues to tell me there are no updates available. So on to plan two. I'm going to install from the RPMs but wasn't exactly sure of the process. This is my plan. 1. Stop Mailscanner (which will effectively stop Sendmail and Clamav, correct?) 2. Save my current clamav.conf to /tmp 3. rpm -e clamav 4. rpm -Uvh new clamav-db rpm package 5. rpm -Uvh new clamav package 6. copy clamav.conf back to /etc 6. restart Mailscanner You could stop just MS and let Sendmail run so your server still receives mail if you want to. If the packages are two different builds you're correct about removing the old one completely. Remember to compare the two clamav.conf files so you don't miss any options in the new one by overwriting it with your old one. By the way, clamav.conf is only used by clamd which you're not using with MS. Concentrate on freshclam.conf instead. Should be a simple five minute upgrade. Post on the MS list if you need more help. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.32.5, SpamAssassin 2.63 + DCC 1.2.50, ClamAV 0.75.1 + GMP 4.1.2, Vispan 1.4 --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] failure with 0.75.1 (was Re: success report on 0.75.1)
Christopher McCrory wanted us to know: Once per week we send a newsletter out to many people. This takes ~10 hours as it's not very optimized. One message per receipent, not one message - many. clamd keeps failing over I added --dont-scan-on-error to the clamav-milter args, the frequency was reduced, but not eliminated Hey Chris! What is your max-children set to in /etc/sysconfig/clamav-milter? What is your MaxThreads set to in /etc/clamav.conf? On my system I set them the same. I have each set at 20, but since you're doing such a large mailing, I'm curious if your settings are much higher? -- Regards... Todd They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. --Benjamin Franklin Linux kernel 2.6.3-15mdkenterprise 2 users, load average: 0.16, 0.12, 0.08 --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamav Engine upgrades?
On Fri, 06 Aug 2004 00:08:55 +0200 Thomas Lamy [EMAIL PROTECTED] wrote: IIRC freshclam doesn't even update the local database if your local installation has a too small functionality level. I guess it was Even if the f-level is smaller than required one freshclam still attempts to update the database. All *.cvd databases are backward compatible but older libclamav versions can't use some new features they provide. implemented with major database format changes in mind, like 0.72 simply won't load databeses with the new md5 hashes in it (it would die). Older versions just ignore internal hash databases in cvd files. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Aug 6 00:30:07 CEST 2004 pgpKpTpKZVcIz.pgp Description: PGP signature
Re: [Clamav-users] ClamAV-20040805
Tomasz Kojm wrote: Dear users, the development version of ClamAV is mature enough to start using it instead of 0.7x stable releases. Please give it a try and report all bugs to [EMAIL PROTECTED] Thank you ! http://www.clamav.net/snapshot/clamav-20040805.tar.gz The above snapshot includes a new, memory efficient three-way scanning engine, a PE file analyzer, and is able to decompress executables packed with UPX, Petite, or FSG. Support for CAB and CHM archives, PowerPoint macros, and HTML normalisation was added. New features also include an improved email detection mechanism and support for detection of broken executable files and popular encrypted log files generated by Mydoom.M. Hi, Two upgraded here, I'll watch them over night and if no major problems occur I'll upgrade 5 or so others. Thanks for the great work. Regards, Rick --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Another upgrade question.
Thomas Lamy scribbled on Thursday, August 05, 2004 3:24 PM: Ken Goods wrote: I'm running Sendmail, Mailscanner, Spamassasin, and Clamav (0.70rc-1). I would like to upgrade Clamav. Tried yum but it continues to tell me there are no updates available. So on to plan two. I'm going to install from the RPMs but wasn't exactly sure of the process. This is my plan. 1. Stop Mailscanner (which will effectively stop Sendmail and Clamav, correct?) Not sure (not my config). Better stop sendmail and clamav, too. 2. Save my current clamav.conf to /tmp Always a wise decision ;-) 3. rpm -e clamav 4. rpm -Uvh new clamav-db rpm package 5. rpm -Uvh new clamav package Why not: rpm -Uvh clamav-db clamav ? Should keep track of everything (if the RPMs are built properly). If you're not sure, run something like find /etc /usr -name *clamav* -print after rpm -e and check for leftover libs or binaries and delete them manually. I've seen too many requests here which were tracked down to be old duplicate leftovers... 6. copy clamav.conf back to /etc 6. restart Mailscanner Sorry if this is elementary but it's my first time and this is a production server that can't afford to be down long. I've searched the web and can't find any detailed instructions for this type of update (when one program is depending on others being there 24/7) Any hints, tips, tricks, and/or got-cha's would be helpful. TIA! Ken Thomas Many thanks for the tips Thomas! Exactly what I was looking for! Ken takes a deep breath and heads for the machine room. ;) Kind regards, Ken --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Another upgrade question.
Peter Bonivart scribbled on Thursday, August 05, 2004 3:23 PM: Ken Goods wrote: I'm running Sendmail, Mailscanner, Spamassasin, and Clamav (0.70rc-1). I would like to upgrade Clamav. Tried yum but it continues to tell me there are no updates available. So on to plan two. I'm going to install from the RPMs but wasn't exactly sure of the process. This is my plan. 1. Stop Mailscanner (which will effectively stop Sendmail and Clamav, correct?) 2. Save my current clamav.conf to /tmp 3. rpm -e clamav 4. rpm -Uvh new clamav-db rpm package 5. rpm -Uvh new clamav package 6. copy clamav.conf back to /etc 6. restart Mailscanner You could stop just MS and let Sendmail run so your server still receives mail if you want to. If the packages are two different builds you're correct about removing the old one completely. Remember to compare the two clamav.conf files so you don't miss any options in the new one by overwriting it with your old one. By the way, clamav.conf is only used by clamd which you're not using with MS. Concentrate on freshclam.conf instead. Should be a simple five minute upgrade. Post on the MS list if you need more help. Thanks Peter! More great tips! Especially the freshclam.conf/clamav.conf explanation. I know I read somewhere that it was only used by clamd but forgot until you mentioned it. I've been reading too much lately... Kind regards, Ken --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] ClamAV-20040805
On Thursday 05 August 2004 07:44 pm, René Bellora wrote: bugs to [EMAIL PROTECTED] Thank you ! I'm testing against old viruses, it seems to miss JS.FortNight.B. Same files, with 0.75 and same signatures are caught *cough* -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] ClamAV-20040805
Jeremy Kitchen wrote: On Thursday 05 August 2004 07:44 pm, René Bellora wrote: bugs to [EMAIL PROTECTED] Thank you ! I'm testing against old viruses, it seems to miss JS.FortNight.B. Same files, with 0.75 and same signatures are caught *cough* Hi, What's that mean Jeremy ? Regards, Rick --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] ClamAV-20040805
Rick Macdougall wrote: Jeremy Kitchen wrote: On Thursday 05 August 2004 07:44 pm, René Bellora wrote: bugs to [EMAIL PROTECTED] Thank you ! I'm testing against old viruses, it seems to miss JS.FortNight.B. Same files, with 0.75 and same signatures are caught *cough* Hi, What's that mean Jeremy ? I think it means if you find a bug, forward it to [EMAIL PROTECTED] clamav-users is supposed to be be for support purposes, not for bug report :) Regards, Fajar -- http://justreadthis.com
Re: [Clamav-users] ClamAV-20040805
Fajar A. Nugraha wrote: Rick Macdougall wrote: Jeremy Kitchen wrote: On Thursday 05 August 2004 07:44 pm, René Bellora wrote: bugs to [EMAIL PROTECTED] Thank you ! I'm testing against old viruses, it seems to miss JS.FortNight.B. Same files, with 0.75 and same signatures are caught *cough* Hi, What's that mean Jeremy ? I think it means if you find a bug, forward it to [EMAIL PROTECTED] clamav-users is supposed to be be for support purposes, not for bug report :) Regards, Fajar Sigh, You are correct To bed with me then. Regards, Rick --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] ClamAV-20040805
On Fri, 6 Aug 2004, Fajar A. Nugraha wrote: Rick Macdougall wrote: Jeremy Kitchen wrote: On Thursday 05 August 2004 07:44 pm, René Bellora wrote: bugs to [EMAIL PROTECTED] Thank you ! I'm testing against old viruses, it seems to miss JS.FortNight.B. Same files, with 0.75 and same signatures are caught *cough* What's that mean Jeremy ? I think it means if you find a bug, forward it to [EMAIL PROTECTED] clamav-users is supposed to be be for support purposes, not for bug report :) Personally I think this is an excellent place for bug reports, and they are pretty much the only reason I read the list. It's important for users to know the limitations of software they use (especially when the different versions have stability issues). Helping others is just my form of payment for the stability information I get. Damian Menscher -- -=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users