[Clamav-users] FYI : recent clamav db updates, Google groups
FYI, this is the time and number of new virus added to daily.cvd in the last 11 days. The numbers are pretty impressive. The details, including virus names, is available on clamav-virusdb archive. [EMAIL PROTECTED] fajar]$ for file in 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475;do host -t any built.$file.daily.db.clamav.or.id;host -t any newcount.$file.daily.db.clamav.or.id;done built.461.daily.db.clamav.or.id text 19 Aug 2004 20-18 +0200 newcount.461.daily.db.clamav.or.id text 8 built.462.daily.db.clamav.or.id text 19 Aug 2004 22-27 +0200 newcount.462.daily.db.clamav.or.id text 101 built.463.daily.db.clamav.or.id text 20 Aug 2004 11-13 +0100 newcount.463.daily.db.clamav.or.id text 57 built.464.daily.db.clamav.or.id text 20 Aug 2004 16-53 +0200 newcount.464.daily.db.clamav.or.id text 7 built.465.daily.db.clamav.or.id text 23 Aug 2004 11-22 +0200 newcount.465.daily.db.clamav.or.id text 6 built.466.daily.db.clamav.or.id text 23 Aug 2004 18-39 +0200 newcount.466.daily.db.clamav.or.id text 0 built.467.daily.db.clamav.or.id text 24 Aug 2004 23-32 +0200 newcount.467.daily.db.clamav.or.id text 34 built.468.daily.db.clamav.or.id text 25 Aug 2004 15-57 +0200 newcount.468.daily.db.clamav.or.id text 10 built.469.daily.db.clamav.or.id text 27 Aug 2004 00-43 +0200 newcount.469.daily.db.clamav.or.id text 0 built.470.daily.db.clamav.or.id text 27 Aug 2004 12-38 +0100 newcount.470.daily.db.clamav.or.id text 26 built.471.daily.db.clamav.or.id text 29 Aug 2004 02-29 +0200 newcount.471.daily.db.clamav.or.id text 53 built.472.daily.db.clamav.or.id text 30 Aug 2004 03-10 +0200 newcount.472.daily.db.clamav.or.id text 3 built.473.daily.db.clamav.or.id text 31 Aug 2004 21-27 +0200 newcount.473.daily.db.clamav.or.id text 0 built.474.daily.db.clamav.or.id text 31 Aug 2004 22-49 +0200 newcount.474.daily.db.clamav.or.id text 17 built.475.daily.db.clamav.or.id text 01 Sep 2004 00-53 +0200 newcount.475.daily.db.clamav.or.id text 1 OT, is there a possibility of moving this list to google groups? Archiving and search features there is really nice :) --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Messages that got through clam
On Wednesday 01 Sep 2004 00:52, Philip Ershler wrote: I am running clam in series with RAV on CommuniGate Pro via cgpav. The messages go through clam first and if clam says OK then they go through RAV. Today RAV caught 4 messages that clam thought were OK. The following lines are from the RAV log. Should I provide the original messages to the clam team, via appropriate methods? Yes, please send the original emails not just the attachments And by the way, how does one send the clam team apparently virus laden e-mail? zip them with the password virus and email to me personally if you suspect it's an email decoding problem or to http://www.clamav.net if you suspect that they are viruses not in the table. Thanks, Phil -Nigel -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] LibClamAV Warning: Not all attachments will be scanned
On Tuesday 31 Aug 2004 19:55, Daniel J McDonald wrote: Checking my virus quarantine and came across: $ clamscan --mbox --stdout virus-20040831-* [...] virus-20040831-102553-18818-02-12: Worm.Bagle.N FOUND LibClamAV Warning: Not all attachments will be scanned LibClamAV Warning: Not all attachments will be scanned LibClamAV Warning: Not all attachments will be scanned virus-20040831-102843-20225-01-18: OK virus-20040831-103636-18818-02-44: Worm.SomeFool.I FOUND [...] virus-20040831-102843-20225-01-18 contains a midi file (which is why I block it) and other fluff - is that the message that is not being scanned? This message will no longer occur in 0.80 (all attachments are scanned). This new functionality available now in the developer's release available in CVS. -Nigel -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] LibClamAV Warning: Not all attachments will be scanned
On Tue, 31 Aug 2004 at 13:55:39 -0500, Daniel J McDonald wrote: [...] Incidentally, I've gotten a number of .chm files lately in a unicode message. Clamav hasn't twigged on them, but I ban them with amavis-new anyway. Are there any known exploits with .chm files, or is that just another way to move SPAM around? Yes, there are known exploits with .chm files. An example notice is at http://www.us-cert.gov/cas/techalerts/TA04-099A.html -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] foto From: Rse rse@engelschall.com To: Modssl-users modssl-users@modssl.org
as subscriber to Modssl-users, i'm receiving by yestarday many copies of an email with subject: foto coming from engelschall i think some of them have received it , too is this mail infected? if yes, why clamav doesn't recognize it? maurizio --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Install Clam-dev
On Wed, 01 Sep 2004 17:26:43 +0800 Wilson Mak wrote: I like to install clamav dev version, but got these errors when running make: cd . /bin/sh /usr/local/src/clamav-devel-latest/missing --run autoconf configure.in:20: error: Autoconf version 2.58 or higher is required aclocal.m4:529: AM_INIT_AUTOMAKE is expanded from... configure.in:20: the top level autom4te: /usr/bin/m4 failed with exit status: 1 make: *** [configure] Error 1 Strange. No problem with RH-7.3, autoconf-2.13-17 --Frank Elsner --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] foto From: Rse rse@engelschall.com To: Modssl-users modssl-users@modssl.org
On Wed, Sep 01, 2004 at 02:20:37PM +0200, Maurizio Marini wrote: as subscriber to Modssl-users, i'm receiving by yestarday many copies of an email with subject: foto coming from engelschall i think some of them have received it , too is this mail infected? if yes, why clamav doesn't recognize it? maurizio Hi Maurizio, Just to let you know we run ClamAV 0.75.1-3 (Debian package) here and it seems to have caught such a foto e-mail OK. Please see the report below: Date: Tue, 31 Aug 2004 20:26:46 +0100 To: [EMAIL PROTECTED] From: MailScanner [EMAIL PROTECTED] Subject: Warning: E-mail viruses detected The following e-mail messages were found to have viruses in them: Sender: [EMAIL PROTECTED] IP Address: 127.0.0.1 Recipient: name-withheld@localhost Subject: foto MessageID: 1C2EH9-0002Sn-00 Report: ClamAV: fotos.zip contains Trojan.JS.RunMe As you can see, it seems to work OK. Regards, Jo. --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] foto From: Rse rse@engelschall.com To: Modssl-users modssl-users@modssl.org
|-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] Behalf Of Maurizio |Marini |Sent: Wednesday, September 01, 2004 8:21 AM |To: [EMAIL PROTECTED] |Subject: [Clamav-users] foto From: Rse [EMAIL PROTECTED] To: |Modssl-users [EMAIL PROTECTED] | | |as subscriber to Modssl-users, i'm receiving by yestarday many copies of an |email with subject: foto |coming from engelschall |i think some of them have received it , too | |is this mail infected? |if yes, why clamav doesn't recognize it? |maurizio | | | I recieved the foto Virus, Clamav and f-prot both found it apon scanning Brian --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] MD5 crashes... (fwd)
Andy Fiddaman wrote: Since the latest daily update, ClamAV has been crashing here with every email it scans, has anyone else seen this ? It appears to be related to the new .hdb file containing an EICAR signature. ClamAV version devel-20040819 I reverted to .75.1 and got things going again. We were receiving quite a few viruses/minute at the time and the down time was an unneeded source of stress. But it is all working so that is a good thing. dp --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: MD5 crashes... (fwd)
On Tue, Aug 31, 2004 at 04:55:51PM -0500, David Champion wrote: * On 2004.08.31, in [EMAIL PROTECTED], * Andy Fiddaman [EMAIL PROTECTED] wrote: Since the latest daily update, ClamAV has been crashing here with every email it scans, has anyone else seen this ? It appears to be related to the new .hdb file containing an EICAR signature. Yes. I get almost the same backtrace as you. I've had to disable clam to get mail through -- I've been fighting with this one since 14:47 GMT-0500, but since I couldn't receive mail, I didn't know I wasn't alone. I'm running today's CVS on Solaris 9/SPARC -- haven't made much progress on it, as I was making other major changes in my mail system at the time this struck. Red herrings galore. -- -D.[EMAIL PROTECTED] NSIT::ENSS We had the same problem here. I had been running clamav-devel-20040727, but as of yesterday evening's freshclam update, clamd would die as soon as it tried to scan any content. This morning I updated to clamav-0.75.1, and this seems to have fixed the problem. If you are not up to clamav-0.75.1, I strongly suggest updating. Mark -- Mark G. Thomas ([EMAIL PROTECTED]) voice: 215-591-3695 http://www.misty.com/ http://mail-cleaner.com/ --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] MD5 crashes... (fwd)
On Tue, 31 Aug 2004 21:03:22 + (GMT) Andy Fiddaman [EMAIL PROTECTED] wrote: Since the latest daily update, ClamAV has been crashing here with every email it scans, has anyone else seen this ? It appears to be related to the new .hdb file containing an EICAR signature. ClamAV version devel-20040819 Initial backtrace is (more details when I've investigated a bit more): Program received signal SIGSEGV, Segmentation fault. __md5_process_block (buffer=0x1006cfc3a, len=64, ctx=0x7fffea10) at md5.c:338 Fixed in CVS. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Sep 1 16:13:36 CEST 2004 pgpTZRqesFLlL.pgp Description: PGP signature
Re: [Clamav-users] Can I submit a file if I'm not sure it's a virus?
D.J. Fan wrote: I just received 3 emails with a subject of 'foto' or 'fotos' and a zip attachment named 'foto.zip' with 'calc.exe' and 'foto.htm' contained therein that passed through 3 different scanners undetected. This is Trojan.Dropper.Small-11 added in ClamAV update 475 just in the last hour. I got a couple that slipped through just before the update, but they are being caught now. My other virus scanners still don't detect it. James Lick It was Trojan.Dropper.Small-11 that Symantec calls Download.Ject.C It was discovered August 28th, and it infected a computer on my network on that day, but for some reason, no anti-virus vendor that I am aware of put it in their pattern file until August 31st. It disables descktop anti-virus programs. This allowed the same computer to get infected with a Beagle virus. I have 4 scanners on our network, ClamAV, Panda, Symantec and Trend Micro. It just goes to show you how easy it is for a blended threat to occur. New rule: quarantine all zip attachments. (I do this on my main network but have no control over a few machines that need to use a different email provider.) _ FREE pop-up blocking with the new MSN Toolbar get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: MD5 crashes... (fwd)
On Wed, 1 Sep 2004, Andy Fiddaman wrote: ; Since the latest daily update, ClamAV has been crashing here with every ; email it scans, has anyone else seen this ? ; Yes. I get almost the same backtrace as you. I've had to disable clam ; ... ; I'm running today's CVS on Solaris 9/SPARC -- haven't made much progress Same here, Solaris 9. AOLMe too/AOL -- Solaris 8 on Sparc, gcc 3.4.0, was running 20040805 Now back at 0.75.1, was going to try the devel-20040901 snapshot before posting when I saw this thread. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/ --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] foto From: Rse rse@engelschall.com To: Modssl-users modssl-users@modssl.org
Jo Mills wrote: On Wed, Sep 01, 2004 at 02:20:37PM +0200, Maurizio Marini wrote: as subscriber to Modssl-users, i'm receiving by yestarday many copies of an email with subject: foto coming from engelschall i think some of them have received it , too In my opinion the modssl users list has been made useless. heh you can't even get off the darn thing. Due to virus and spam being sent through the list, I ended up having to black list the list. Emails to the maintainer don't even get answered. I am very happy to find that the clamav list has nothing in common ;) Regards KC --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] old database format no longer available
Dear ClamAV users, as previously announced [*], we stopped distributing the database in the old format (viruses.db, viruses.db2). The old database has been completely removed from our main site and mirrors. If you are still using ClamAV 0.60 (or older) you should upgrade immediately. The ClamAV team (http://www.clamav.net/team.html) [*] http://www.gossamer-threads.com/lists/clamav/announce/10454 -- Luca Gibelli ([EMAIL PROTECTED]) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: MD5 crashes... (fwd)
* On 2004.09.01, in [EMAIL PROTECTED], * Christopher X. Candreva [EMAIL PROTECTED] wrote: AOLMe too/AOL -- Solaris 8 on Sparc, gcc 3.4.0, was running 20040805 Heh. Sounds like the tighter memory access protection (~ it's better to bus or memory fault than to corrupt data) introduced in Solaris 8 is putting us at the bloody edge of of bug detection again. I'm pleased that the Clam team are ready and qualified to fix them - some vendors I've dealt with are not. -- -D.[EMAIL PROTECTED] NSIT::ENSS --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: MD5 crashes... (fwd)
On Wed, 1 Sep 2004, Christopher X. Candreva wrote: On Wed, 1 Sep 2004, Andy Fiddaman wrote: ; Since the latest daily update, ClamAV has been crashing here with every ; email it scans, has anyone else seen this ? ; Yes. I get almost the same backtrace as you. I've had to disable clam ; ... ; I'm running today's CVS on Solaris 9/SPARC -- haven't made much progress Same here, Solaris 9. AOLMe too/AOL -- Solaris 8 on Sparc, gcc 3.4.0, was running 20040805 Now back at 0.75.1, was going to try the devel-20040901 snapshot before posting when I saw this thread. Do not try. It is broken as well... -- Igor --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: MD5 crashes... (fwd)
On Wed, 1 Sep 2004, David Champion wrote: ; * On 2004.09.01, in [EMAIL PROTECTED], ; * Christopher X. Candreva [EMAIL PROTECTED] wrote: ; ; AOLMe too/AOL -- Solaris 8 on Sparc, gcc 3.4.0, was running 20040805 ; ; Heh. Sounds like the tighter memory access protection (~ it's better ; to bus or memory fault than to corrupt data) introduced in Solaris 8 ; is putting us at the bloody edge of of bug detection again. I'm pleased ; that the Clam team are ready and qualified to fix them - some vendors ; I've dealt with are not. ; Yep, it looks like an alignment error. The SPARC MMU doesn't allow reading a 32-bit block unless it's the bottom or top half of a word. The fix from Tomasz was very quick, a lot better than any commercial vendor I've dealt with, just waiting for it to be visible in CVS! --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] List Down
Daniel J McDonald wrote: No, merely slow. It only took 4 hours to be delivered to me. What do you want? Back in the bad old days we only got mail once a month, over a 1200 baud modem, in the snow, uphill both ways! And you're complaining about a 4-hour delay? Young whippersnapper! ;-) You had a 1200 baud modem!? ;-D -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [SPAM] Re: [Clamav-users] OS X Installer and Permissions
On Tue, 31 Aug 2004 12:39:55 -0500 Chris Jett [EMAIL PROTECTED]> wrote: I am working on a double-click installer for Mac OS X. Everything seems to be working OK and I am able to start clamd just fine and scan files just fine. The only problem I am seeing is when trying to use freshclam. Here is the error I get on the command line: ClamAV update process started at Tue Aug 31 12:29:38 2004 SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES Reading CVD header (main.cvd): OK ERROR: Can't open new file ./clamav-1a227263d1e5cc92 to write open: Permission denied ERROR: Can't download main.cvd from 64.69.64.158 Make sure the database directory (usually /usr/local/share/clamav) is writeable for freshclam. Tomasz, please send me copy! I'd appreciate it! Or let me know were to download! cH4os '}|
Re: [Clamav-users] List Down
300 baud telephone cup modem here.then 1200when I got 2400 and the screen scrolled by faster than I could read, I KNEW I was in tall cotton then.:-) Jeff [EMAIL PROTECTED] - Original Message - From: Michael St. Laurent [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 01, 2004 1:16 PM Subject: RE: [Clamav-users] List Down Daniel J McDonald wrote: No, merely slow. It only took 4 hours to be delivered to me. What do you want? Back in the bad old days we only got mail once a month, over a 1200 baud modem, in the snow, uphill both ways! And you're complaining about a 4-hour delay? Young whippersnapper! ;-) You had a 1200 baud modem!? ;-D -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.745 / Virus Database: 497 - Release Date: 8/30/2004 --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] MD5 crashes... (fwd)
On Wed, 1 Sep 2004, Tomasz Kojm wrote: ; On Tue, 31 Aug 2004 21:03:22 + (GMT) ; Andy Fiddaman [EMAIL PROTECTED] wrote: ; ; ; Since the latest daily update, ClamAV has been crashing here with ; every email it scans, has anyone else seen this ? ; It appears to be related to the new .hdb file containing an EICAR ; signature. ; ; ClamAV version devel-20040819 ; ; Initial backtrace is (more details when I've investigated a bit more): ; ; Program received signal SIGSEGV, Segmentation fault. ; __md5_process_block (buffer=0x1006cfc3a, len=64, ; ctx=0x7fffea10) ; at md5.c:338 ; ; Fixed in CVS. * libclamav: replace current MD5 implementation with another one A bit drastic ;) This one does look cleaner though, and doesn't have a dependance on the data being 32-bit aligned, looks like it might be faster as well. Thanks again for the quick fix. Andy --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] EICAR Test File
I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. If I scan the minimal 68-byte file, then the test virus is detected, but if I add any whitespace to the end of this then it is not. Is this a problem with the current signature ? A. --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] EICAR Test File
On Wed, 1 Sep 2004, Andy Fiddaman wrote: I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. If I scan the minimal 68-byte file, then the test virus is detected, but if I add any whitespace to the end of this then it is not. Is this a problem with the current signature ? I don't see that with clamav-0.75.1. Personally, I'm intrigued by the fact that the first two characters are not required, and neither are the last 26. It matches on just 38 characters: [EMAIL PROTECTED](P^)7CC)7}$EICAR_STANDA (with _ replaced by -) Interestingly, there's also a second signature (Trivial.Eicar.122) that adds a few more characters (RD-ANTIV) on to the end. Not sure what the purpose of that is For completeness, the malware md5 signature requires exactly 68 bytes, which might be what you were seeing? Damian Menscher -- -=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] EICAR Test File
On Wed, 1 Sep 2004 22:01:48 + (GMT) Andy Fiddaman [EMAIL PROTECTED] wrote: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. If I scan the minimal 68-byte file, then the test virus is detected, but if I add any whitespace to the end of this then it is not. Is this a problem with the current signature ? The current signature is more compatible with the official definition than the old one ;-) -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Sep 2 01:32:24 CEST 2004 pgpeDgCTMl9JA.pgp Description: PGP signature
Re:[Clamav-users] EICAR Test File
LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 19:01 I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. If I scan the minimal 68-byte file, then the test virus is detected, but if I add any whitespace to the end of this then it is not. Is this a problem with the current signature ? A. --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] EICAR Test File
On Wed, 1 Sep 2004 22:01:48 + (GMT) Andy Fiddaman [EMAIL PROTECTED] wrote: I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. This is the correct definition: Any anti-virus product that supports the test file should detect it in any file providing that the file starts with the following 68 characters, and is exactly 68 bytes long -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Sep 2 01:53:03 CEST 2004 pgpHN49HOsbjs.pgp Description: PGP signature
Re: [Clamav-users] EICAR Test File
LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 20:07 On Wed, 1 Sep 2004, Andy Fiddaman wrote: I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. If I scan the minimal 68-byte file, then the test virus is detected, but if I add any whitespace to the end of this then it is not. Is this a problem with the current signature ? I don't see that with clamav-0.75.1. Personally, I'm intrigued by the fact that the first two characters are not required, and neither are the last 26. It matches on just 38 characters: [EMAIL PROTECTED](P^)7CC)7}$EICAR_STANDA (with _ replaced by -) Interestingly, there's also a second signature (Trivial.Eicar.122) that adds a few more characters (RD-ANTIV) on to the end. Not sure what the purpose of that is For completeness, the malware md5 signature requires exactly 68 bytes, which might be what you were seeing? Damian Menscher -- -=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] EICAR Test File
LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 20:36 On Wed, 1 Sep 2004 22:01:48 + (GMT) Andy Fiddaman [EMAIL PROTECTED] wrote: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. If I scan the minimal 68-byte file, then the test virus is detected, but if I add any whitespace to the end of this then it is not. Is this a problem with the current signature ? The current signature is more compatible with the official definition than the old one ;-) -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Sep 2 01:32:24 CEST 2004 --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re:[Clamav-users] EICAR Test File
LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 20:45 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 19:01 I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. If I scan the minimal 68-byte file, then the test virus is detected, but if I add any whitespace to the end of this then it is not. Is this a problem with the current signature ? A. --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id*808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re:[Clamav-users] EICAR Test File
Uh oh could one of the list moderators unsubscribe this idiot? He's responding to his own posts, and infinite loops on mailing lists are bad. Damian On Wed, 1 Sep 2004, Jorge Danussi wrote: LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 20:45 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 19:01 I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. If I scan the minimal 68-byte file, then the test virus is detected, but if I add any whitespace to the end of this then it is not. Is this a problem with the current signature ? A. --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id*808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808opÌk ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users Damian Menscher -- -=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] EICAR Test File
LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 20:54 On Wed, 1 Sep 2004 22:01:48 + (GMT) Andy Fiddaman [EMAIL PROTECTED] wrote: I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. This is the correct definition: Any anti-virus product that supports the test file should detect it in any file providing that the file starts with the following 68 characters, and is exactly 68 bytes long -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Sep 2 01:53:03 CEST 2004 --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] EICAR Test File
LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 20:54 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 20:07 On Wed, 1 Sep 2004, Andy Fiddaman wrote: I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. If I scan the minimal 68-byte file, then the test virus is detected, but if I add any whitespace to the end of this then it is not. Is this a problem with the current signature ? I don't see that with clamav-0.75.1. Personally, I'm intrigued by the fact that the first two characters are not required, and neither are the last 26. It matches on just 38 characters: [EMAIL PROTECTED](P^)7CC)7}$EICAR_STANDA (with _ replaced by -) Interestingly, there's also a second signature (Trivial.Eicar.122) that adds a few more characters (RD-ANTIV) on to the end. Not sure what the purpose of that is For completeness, the malware md5 signature requires exactly 68 bytes, which might be what you were seeing? Damian Menscher -- -=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id*808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re:[Clamav-users] EICAR Test File
LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 21:17 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 20:45 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 19:01 I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. If I scan the minimal 68-byte file, then the test virus is detected, but if I add any whitespace to the end of this then it is not. Is this a problem with the current signature ? A. --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id*808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] EICAR Test File
LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 21:32 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 20:54 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 20:07 On Wed, 1 Sep 2004, Andy Fiddaman wrote: I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. If I scan the minimal 68-byte file, then the test virus is detected, but if I add any whitespace to the end of this then it is not. Is this a problem with the current signature ? I don't see that with clamav-0.75.1. Personally, I'm intrigued by the fact that the first two characters are not required, and neither are the last 26. It matches on just 38 characters: [EMAIL PROTECTED](P^)7CC)7}$EICAR_STANDA (with _ replaced by -) Interestingly, there's also a second signature (Trivial.Eicar.122) that adds a few more characters (RD-ANTIV) on to the end. Not sure what the purpose of that is For completeness, the malware md5 signature requires exactly 68 bytes, which might be what you were seeing? Damian Menscher -- -=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id*808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re:[Clamav-users] EICAR Test File
LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 21:22 Uh oh could one of the list moderators unsubscribe this idiot? He's responding to his own posts, and infinite loops on mailing lists are bad. Damian On Wed, 1 Sep 2004, Jorge Danussi wrote: LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 20:45 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 19:01 I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. If I scan the minimal 68-byte file, then the test virus is detected, but if I add any whitespace to the end of this then it is not. Is this a problem with the current signature ? A. --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id*808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808opÌk ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users Damian Menscher -- -=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re:[Clamav-users] EICAR Test File
LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 22:52 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 21:17 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 20:45 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 19:01 I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. If I scan the minimal 68-byte file, then the test virus is detected, but if I add any whitespace to the end of this then it is not. Is this a problem with the current signature ? A. --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id*808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id*808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] EICAR Test File
LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 22:48 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 21:13 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 20:36 On Wed, 1 Sep 2004 22:01:48 + (GMT) Andy Fiddaman [EMAIL PROTECTED] wrote: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. If I scan the minimal 68-byte file, then the test virus is detected, but if I add any whitespace to the end of this then it is not. Is this a problem with the current signature ? The current signature is more compatible with the official definition than the old one ;-) -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Sep 2 01:32:24 CEST 2004 --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id*808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re:[Clamav-users] EICAR Test File
LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 23:10 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 21:22 Uh oh could one of the list moderators unsubscribe this idiot? He's responding to his own posts, and infinite loops on mailing lists are bad. Damian On Wed, 1 Sep 2004, Jorge Danussi wrote: LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 20:45 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 19:01 I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. If I scan the minimal 68-byte file, then the test virus is detected, but if I add any whitespace to the end of this then it is not. Is this a problem with the current signature ? A. --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id*808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808opÌk ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users Damian Menscher -- -=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] EICAR Test File
LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 23:13 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 21:32 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 20:54 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 20:07 On Wed, 1 Sep 2004, Andy Fiddaman wrote: I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. If I scan the minimal 68-byte file, then the test virus is detected, but if I add any whitespace to the end of this then it is not. Is this a problem with the current signature ? I don't see that with clamav-0.75.1. Personally, I'm intrigued by the fact that the first two characters are not required, and neither are the last 26. It matches on just 38 characters: [EMAIL PROTECTED](P^)7CC)7}$EICAR_STANDA (with _ replaced by -) Interestingly, there's also a second signature (Trivial.Eicar.122) that adds a few more characters (RD-ANTIV) on to the end. Not sure what the purpose of that is For completeness, the malware md5 signature requires exactly 68 bytes, which might be what you were seeing? Damian Menscher -- -=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id*808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id*808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] EICAR Test File
LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 23:14 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 21:31 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 20:54 On Wed, 1 Sep 2004 22:01:48 + (GMT) Andy Fiddaman [EMAIL PROTECTED] wrote: I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. This is the correct definition: Any anti-virus product that supports the test file should detect it in any file providing that the file starts with the following 68 characters, and is exactly 68 bytes long -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Sep 2 01:53:03 CEST 2004 --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id*808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] [OT] Symantec update frequency
On Wed, 01 Sep 2004 02:02:30 +0200, Niek [EMAIL PROTECTED] wrote: On 8/31/2004 11:02 PM +0200, John Jolet wrote: [snip] Symantec's corporate products can be configured to update more often, than standard liveupdate. Kind regards, Niek Baakman I use the following script to update my Windows machines. The script runs under 4NT, but can be adapted to any other batch extender. rem - Update Script for 4NT to get daily Intelligent Updater rem - 4nt from http://www.jpsoft.com rem @echo off setlocal set downdir=c:\download cdd %downdir% iff %1 == ? then echo Downloads today's Intelligent Updater if no paramater supplied echo Otherwise, enter MMDD of the file to be installed endlocal quit elseiff %1== then set [EMAIL PROTECTED],%_isodate]-*-i32.exe else set dp=%1-*-i32.exe endiff echo downloading %dp iftp ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/; ::dir ftp:*.* copy ftp:%dp %downdir% iftp /c set [EMAIL PROTECTED] do set [EMAIL PROTECTED] iff %dp3== then leave else *del %dp2 set dp2=%dp3 endiff enddo set [EMAIL PROTECTED] iff exist %dp2 then %dp2 /Q eventlog /sNAV /i Update: %dp2 *del %dp2 else eventlog /sNAV /w Update: No Update Available endiff endlocal -- Steve --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re:[Clamav-users] EICAR Test File
LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 23:41 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 22:52 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 21:17 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 20:45 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 19:01 I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. If I scan the minimal 68-byte file, then the test virus is detected, but if I add any whitespace to the end of this then it is not. Is this a problem with the current signature ? A. --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id*808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id*808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] EICAR Test File
LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/02/04 00:46 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 23:37 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 22:48 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 21:13 LLEGO BIEN. Jorge Danussi [EMAIL PROTECTED] 09/01/04 20:36 On Wed, 1 Sep 2004 22:01:48 + (GMT) Andy Fiddaman [EMAIL PROTECTED] wrote: The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. If I scan the minimal 68-byte file, then the test virus is detected, but if I add any whitespace to the end of this then it is not. Is this a problem with the current signature ? The current signature is more compatible with the official definition than the old one ;-) -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Sep 2 01:32:24 CEST 2004 --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id*808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id*808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users