Re: [Clamav-users] No response to virus submissions...

2006-01-26 Thread Erik Corry
On Thu, Jan 26, 2006 at 01:09:28PM +0100, Diego d'Ambra wrote:
> Erik Corry wrote:
> >On Thu, Jan 26, 2006 at 11:50:00AM +0100, Erik Corry wrote:
> > >
> > > How about:
> > >
> > > JS.Feebs-C.variant-ec:3:*:756e6573636170652822(253636|66)(253735|75)(25363e|6e)(253633|63)*(253237|27)(253237|27)(25323c|2c)??(25323c|2c)??(25323c|2c)??(25323c|2c)
> >
> >Sheesh, this sig making stuff isn't as simple as it looks :-)
> >That didn't work well at all!
> >
> >JS.Feebs-C.variant-ec:3:*:756e6573636170652822(253636|66)(253735|75)(253645|6e)(253633|63)
> >
> 
> Bingo, matches every variant.
> 
> I believe adding a match for e.g. <=((?+1)%??-1);> and possible 

Is this syntax documented?  It doesn't look like the syntax documented in
the signatures.pdf file from the clamav web site.

-- 
Erik Corry          In this way the infinite-dimensional invariance group erodes
[EMAIL PROTECTED]   the distinction between observer and observed; the pi of Euclid
                    and the G of Newton, formerly thought to be constant and
                    universal, are now perceived in their ineluctable historicity;
___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] No response to virus submissions...

2006-01-26 Thread Erik Corry
On Thu, Jan 26, 2006 at 11:50:00AM +0100, Erik Corry wrote:
> 
> How about:
> 
> JS.Feebs-C.variant-ec:3:*:756e6573636170652822(253636|66)(253735|75)(25363e|6e)(253633|63)*(253237|27)(253237|27)(25323c|2c)??(25323c|2c)??(25323c|2c)??(25323c|2c)

Sheesh, this sig making stuff isn't as simple as it looks :-) 
That didn't work well at all!

JS.Feebs-C.variant-ec:3:*:756e6573636170652822(253636|66)(253735|75)(253645|6e)(253633|63)

Works for all variants that I have seen, but also catches any html file with

unescape ("func

without the space.  Right now I think I can live with that.

Does the * wildcard have a limit to how many characters it will look ahead?
It doesn't seem to be working for me as I expected.



Re: [Clamav-users] No response to virus submissions...

2006-01-26 Thread Erik Corry
On Thu, Jan 26, 2006 at 10:24:57AM +0100, Diego d'Ambra wrote:
> Erik Corry wrote:
> >On Wed, Jan 25, 2006 at 09:55:10PM +0100, Diego d'Ambra wrote:
> > > Erik Corry wrote:
> > > >
> > > >Suspicious.HTML.javascript2=756e6573636170652822253636
> > > >
> > > >Put it in a file called local.db in the same directory as your main.cvd
> > > >and daily.cvd files.  It searches for the string:
> > > >
> > > >unescape ("%66
> > > >
> > > >(only without the space) in a mail, so it will get some false positives.
> > >
> > > Large number of Feebs-C variants isn't detected by that signature, sorry.
> >
> >That's not a problem for me if those Feebs-C variants are already
> >detected by the official clamav database.
> 
> Unfortunately that isn't the case, but I'm working on it :-)

How about:

JS.Feebs-C.variant-ec:3:*:756e6573636170652822(253636|66)(253735|75)(25363e|6e)(253633|63)*(253237|27)(253237|27)(25323c|2c)??(25323c|2c)??(25323c|2c)??(25323c|2c)

Matches

  unescape("func

followed by

  '',?,?,?,

Where the stuff after " can be hex escaped
  
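An added example, not part of the original posts: a small Python decoder for the two signatures in this thread, showing what each hex alternative spells out and which constructed inputs each signature would match. It models only the syntax used above (hex bytes, ??, * and (a|b)), treats * as unbounded, and matches raw bytes; ClamAV's HTML normalisation for target type 3 and any engine limits are not modelled.

```python
import re

# Signature lines copied from the thread (Name:Target:Offset:HexSig).
SIG_FIRST = ("JS.Feebs-C.variant-ec:3:*:756e6573636170652822(253636|66)(253735|75)"
             "(25363e|6e)(253633|63)*(253237|27)(253237|27)(25323c|2c)??(25323c|2c)"
             "??(25323c|2c)??(25323c|2c)")
SIG_SECOND = ("JS.Feebs-C.variant-ec:3:*:756e6573636170652822(253636|66)(253735|75)"
              "(253645|6e)(253633|63)")


def hex_body(sig_line):
    """Return the hex-signature field (fourth colon-separated field)."""
    return sig_line.split(":")[3]


def decode_alternatives(hexsig):
    """Decode every (a|b) group to text so the encoded bytes can be reviewed."""
    groups = re.findall(r"\(([0-9a-fA-F|]+)\)", hexsig)
    return [[bytes.fromhex(alt).decode("latin-1") for alt in group.split("|")]
            for group in groups]


def to_regex(hexsig):
    """Translate the signature subset used in the thread into a bytes regex."""
    parts, i = [], 0
    while i < len(hexsig):
        if hexsig[i] == "*":                 # any number of bytes
            parts.append(b".*?")
            i += 1
        elif hexsig[i] in "(|)":             # alternation group
            parts.append({"(": b"(?:", "|": b"|", ")": b")"}[hexsig[i]])
            i += 1
        elif hexsig[i:i + 2] == "??":        # exactly one arbitrary byte
            parts.append(b".")
            i += 2
        else:                                # literal byte, two hex digits
            parts.append(re.escape(bytes.fromhex(hexsig[i:i + 2])))
            i += 2
    return re.compile(b"".join(parts), re.DOTALL)


def matches(sig_line, data):
    """True if the signature body occurs anywhere in data."""
    return to_regex(hex_body(sig_line)).search(data) is not None


# Constructed inputs for illustration; none is taken from a real sample.
SAMPLES = {
    "plain": b'x = unescape("function f(){}");',
    "escaped upper-case": b'unescape("%66%75%6E%63',
    "escaped lower-case": b'unescape("%66%75%6e%63',
    "space before paren": b'unescape ("func',
    "plain with argument tail": b"unescape(\"func\"+x); go('',1,2,3,4)",
    "escaped argument tail": b'unescape("func%27%27%2c1%2c2%2c3%2c',
}

if __name__ == "__main__":
    for label, sig in (("first", SIG_FIRST), ("second", SIG_SECOND)):
        print(label, "alternatives:", decode_alternatives(hex_body(sig)))
        for name, data in SAMPLES.items():
            print("  %-26s %s" % (name, matches(sig, data)))
```

Decoding the alternatives before deploying a hand-written signature shows exactly which byte sequences it encodes, including the case of any hex digits inside an escaped form.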


Re: [Clamav-users] No response to virus submissions...

2006-01-25 Thread Erik Corry
On Wed, Jan 25, 2006 at 09:55:10PM +0100, Diego d'Ambra wrote:
> Erik Corry wrote:
> >
> >Suspicious.HTML.javascript2=756e6573636170652822253636
> >
> >Put it in a file called local.db in the same directory as your main.cvd
> >and daily.cvd files.  It searches for the string:
> >
> >unescape ("%66
> >
> >(only without the space) in a mail, so it will get some false positives.
> 
> Large number of Feebs-C variants isn't detected by that signature, sorry.

That's not a problem for me if those Feebs-C variants are already
detected by the official clamav database.  This pattern detects the
Feebs variants that I have seen that clamav doesn't already cover.

I just submitted them again to the web interface in case you missed
them the first time.



Re: [Clamav-users] No response to virus submissions...

2006-01-25 Thread Erik Corry
On Wed, Jan 25, 2006 at 01:19:58PM -0500, Mike Robinson wrote:
> Erik Corry wrote:
> >
> > The following signature seems to detect the Mytob variants on my system:
> >
> > Suspicious.HTML.javascript2=756e6573636170652822253636
> >
> > Put it in a file called local.db in the same directory as your main.cvd
> > and daily.cvd files.  It searches for the string:
> >
> > unescape ("%66
> >
> > (only without the space) in a mail, so it will get some false positives.
>   
> Here is the rule that I have made for this new mytob variant.
> 
> This needs to go into a .ndb file in the same directory.  It actually
> detects a hex string from the included .pif file...no false positives
> from it...
> 
> Worm.Mytob.ZZZ:0:*:1c4f74750d4ae0497e7f0f54f4537879115ef85d42435058cc274c4d5c22d0215657a32ca42b50518636a8355a5b1d:0

Sorry, the signature I posted above is for undetected Feebs variants.  I
got my viruses mixed up.

I haven't actually seen any false positives for my pattern.



Re: [Clamav-users] No response to virus submissions...

2006-01-25 Thread Erik Corry
On Tue, Jan 24, 2006 at 06:40:12PM -0500, Mike Robinson wrote:
> I've tried submitting a new Mytob variant over the last 2 days (still
> not being detected by ClamAV) and I've still not got a responseI

The following signature seems to detect the Mytob variants on my system:

Suspicious.HTML.javascript2=756e6573636170652822253636

Put it in a file called local.db in the same directory as your main.cvd
and daily.cvd files.  It searches for the string:

unescape ("%66

(only without the space) in a mail, so it will get some false positives.



Re: [Clamav-users] Postmaster bounces and such.

2004-03-21 Thread Erik Corry
On Sun, Mar 21, 2004 at 08:43:19PM +, Antony Stone wrote:
> On Sunday 21 March 2004 6:37 pm, Erik Corry wrote:
> 
> > You need to distinguish between Worms and Viruses.  Worms are just
> > propagating themselves.  There's never any harm in dropping a worm
> > since they are not part of a project or a correspondence.
> >
> > Viruses on the other hand attach to otherwise legitimate files and
> > of course they should be bounced.
> 
> I disagree.   Certainly, many years ago, this was true of viruses, but today?

It is the definition of a virus that it attaches itself to other files.

> I don't think so.
> 
> What is the most recent virus you can think of which attached itself to 
> otherwise legitimate files, rather than being the entire content of whatever 
> it is the victim receives?

For example most Word Macro viruses are real viruses.  To pick a random
example, Clamav recently added a sig for Macro.Word97.Onex which does not
mail itself anywhere.

Did you read what I wrote regarding Worms and Viruses?  You seem to
be talking about worms.  Viruses are not dead, though there are worm/virus
hybrids.

-- 
Erik Corry I'd be a Libertarian, if they weren't all a
[EMAIL PROTECTED] bunch of tax-dodging professional whiners.   - B. Breathed.


___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] Postmaster bounces and such.

2004-03-21 Thread Erik Corry
On Sun, Mar 21, 2004 at 01:13:51PM -0500, Bit Fuzzy wrote:
> I notify the 'recipient' in the event the email in question was expected
> (part of a project, family / business correspondence etc).

You need to distinguish between Worms and Viruses.  Worms are just
propagating themselves.  There's never any harm in dropping a worm
since they are not part of a project or a correspondence.

Viruses on the other hand attach to otherwise legitimate files and
of course they should be bounced.

> I know if I was hosted, and the host was making decisions for me regarding
> how certain mail was handled I'd be looking for a new host.

I know if I was hosted and my hoster was propagating worms that
forged my name I would be looking for a new host.

Clamav distinguishes between Worms and Viruses in the name, but
not in the return code as far as I know.  For most milters it
wouldn't be a problem to grep the output for the "Worm" in the
name and drop them in /dev/null.

Another way to handle it is to have clamav on all your MX hosts
and report 4xx fatal errors to those that try to send you a worm/virus.
For worms you know you are talking directly to the SMTP engine of
the worm (since all MX hosts are running the software) and so the
error code cannot cause a bounce.



Re: [Clamav-users] Re: password-protected Worm.Bagle.H

2004-03-04 Thread Erik Corry
On Thu, Mar 04, 2004 at 12:35:55PM +0100, Tomasz Papszun wrote:
> On Thu, 04 Mar 2004 at 12:08:57 +0100, Laurent Wacrenier wrote:
> > Tomasz Papszun wrote:
> > > Despite adding to the submission page (in BIG fontsize!) this request:
> > > 
> > > "DO NOT SUBMIT naked zip files IF their contents is DETECTED as infected
> > > by ClamAV AFTER UNZIPPING"
> > > 
> > > they keep submitting these idiotic samples.
> > 
> > You may change the virus submission CGI to make the check.
> > 
> 
> Not quite. Password-protected zip files can't be scanned inside.
> 
> Detecting that a zip file is encrypted and rejecting it (available only
> since a very recent CVS version) isn't a good solution either as a
> submitter can have a valid reason to encrypt some sample intentionally.

Suggestion:
Add a web form field for typing in the password, then you can scan
inside the zip, or reject an encrypted zip without a password.



Re: [Clamav-users] password-protected Worm.Bagle.H

2004-03-03 Thread Erik Corry
On Tue, Mar 02, 2004 at 09:38:11PM -0800, Shawn Tayler wrote:
> On Tue, 2 Mar 2004 17:07:53 +0100 Erik Corry <[EMAIL PROTECTED]> exclaimed:
> 
> > The question is how much of a problem it really is.  Are users
> > really that dumb?
> > 
> > What I'm wondering is whether the encrypted version of the
> > virus can be created by the unencrypted version, or whether the
> > encrypted versions of the virus we have seen have all been
> > produced by actual encrypted-zip infections.  Anyone know?
> 
> Well,
> 
> Given the level of replication I'm seeing on this bug, I'd say the answer
> is yes.

You didn't read my second paragraph!

You getting encrypted zip files doesn't prove that anyone was
infected with an encrypted file.  The mail could have been
produced by a machine infected with the unencrypted version!



Re: [Clamav-users] password-protected Worm.Bagle.H

2004-03-02 Thread Erik Corry
On Tue, Mar 02, 2004 at 11:59:19AM -0600, John Jolet wrote:
> 
>> The question is how much of a problem it really is.  Are users
>> really that dumb?
>
> yes, they are.  i've gotten about 10 of those in the last 3 days.

That doesn't actually prove that anyone typed in the password
and got infected.  The version with unencrypted zip file can
send the version with encrypted zip file to others.

The best defence against it (if it really is a problem) might
be blocking encrypted zip files with suspicious filenames in
them.  You can see that the file contains a .exe .pif, etc.
ending without the password.

That's probably not a task for clamav though, more like MIMEDefang:
http://www.mimedefang.org/

Someone seems to have been giving this some thought:
http://lists.roaringpenguin.com/pipermail/mimedefang/2004-March/020563.html

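An added example, not part of the original post: a Python check for the filter idea above, flagging encrypted zip members whose names end in a suspicious extension without needing the password. The extension list beyond .exe and .pif, the function names and the sample archive are assumptions; the sample is built in memory from placeholder bytes with the encryption flag set by hand.

```python
import io
import struct
import zipfile

# ".exe" and ".pif" are named in the post; the other extensions are assumed.
SUSPICIOUS_EXTENSIONS = (".exe", ".pif", ".scr", ".com", ".bat", ".cmd")
ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flag field


def suspicious_encrypted_members(zip_bytes):
    """List encrypted members with a suspicious extension, without a password.

    Member names are stored unencrypted in the central directory, so
    infolist() can read them even though the member data cannot be read.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            encrypted = bool(info.flag_bits & ENCRYPTED_FLAG)
            if encrypted and info.filename.lower().endswith(SUSPICIOUS_EXTENSIONS):
                hits.append(info.filename)
    return hits


def verdict(zip_bytes):
    """Return 'block', 'pass' or 'not-a-zip' for one attachment."""
    try:
        hits = suspicious_encrypted_members(zip_bytes)
    except zipfile.BadZipFile:
        return "not-a-zip"
    # Unencrypted archives pass here because the scanner can unpack them itself.
    return "block" if hits else "pass"


def build_constructed_zip(names, encrypted):
    """Build a sample archive of placeholder data (constructed, not real)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as archive:
        for name in names:
            entry = zipfile.ZipInfo(name, date_time=(2004, 3, 2, 0, 0, 0))
            archive.writestr(entry, b"constructed placeholder data")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Set the encryption bit in every local header (flags at +6)
        # and every central directory header (flags at +8).
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(signature)
            while pos != -1:
                flags = struct.unpack_from("<H", raw, pos + offset)[0]
                struct.pack_into("<H", raw, pos + offset, flags | ENCRYPTED_FLAG)
                pos = raw.find(signature, pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    cases = {
        "encrypted, .PIF inside": build_constructed_zip(["document.txt", "Price_List.PIF"], True),
        "encrypted, text only": build_constructed_zip(["document.txt"], True),
        "unencrypted, .exe inside": build_constructed_zip(["setup.exe"], False),
        "not a zip": b"plain text attachment",
    }
    for label, data in cases.items():
        print("%-26s %s" % (label, verdict(data)))
```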


Re: [Clamav-users] password-protected Worm.Bagle.H

2004-03-02 Thread Erik Corry
On Tue, Mar 02, 2004 at 07:38:59AM -0800, Mitch (WebCob) wrote:
> 
> Seeing how quickly this could get out of hand, and how hard it would be to
> write code to "read" the password from the mail - how about a simple option
> that allows full rejection of password encrypted archives - or optional
> (based on db lookup) but I'm probably hoping too much there...

The question is how much of a problem it really is.  Are users
really that dumb?

What I'm wondering is whether the encrypted version of the
virus can be created by the unencrypted version, or whether the
encrypted versions of the virus we have seen have all been
produced by actual encrypted-zip infections.  Anyone know?



Re: [Clamav-users] password protected zip file

2004-03-02 Thread Erik Corry
On Tue, Mar 02, 2004 at 03:07:31PM +0800, kengheng wrote:
> Hi, Can clamav detect those viruses that are protected by a password in a zipped file?

No



Re: [Clamav-users] password-protected Worm.Bagle.F

2004-03-01 Thread Erik Corry
On Mon, Mar 01, 2004 at 05:31:35PM +0700, Fajar A. Nugraha wrote:
> Bill Taroli wrote:
> 
> >Perhaps a silly question... if the .ZIP attachment is passworded, how 
> >are the target users supposed to be opening them and getting infected? 
> >Has the password been included in the email in which the .ZIP was 
> >attached?
>
> No, silly me. I forgot to mention that the password is included in email 
> body.
> 
> Which means that the only way it can infect you is if you use Windows, 
> don't have any updated AV scanner, open the attachment,  and 
> intentionally type in the password.
> 
> However, judging from the fact that it IS spreading in my network now, 
> some people tend to do exactly that.

Kaspersky have added the text string to their signatures (the one
that tries to entice you into unpacking the zip file).  That seems
to be all you can do right now.  In the somewhat longer run perhaps
the engine needs to be able to get a list of possible passwords so it
can have a go at decrypting the zip file.



Re: [Clamav-users] optimal freshclam update frequency

2004-02-28 Thread Erik Corry
On Fri, Feb 27, 2004 at 11:16:23PM -0500, jef moskot wrote:
> I know this has been asked a long time ago, but with all the new mirrors
> up and the recent barrage of new worms, I've been wondering what the
> ClamAV team suggests for a reasonable update rate?
> 
> One of my users has suggested once every 5 minutes, but that sounds
> excessive and would probably be a bad idea if EVERYONE did that.
> 
> So, what would the ClamAV team prefer?

I have a script that I run once an hour (at a random minute):

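#!/bin/bash
export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
# Run freshclam only if the clamav-virusdb mail folder is newer than the
# timestamp file left by the previous update.
if [ /usr/users/erik/Mail/clamav-virusdb -nt /usr/local/var/clamav-updated ]
then
    # Record this update first, then fetch the new database.
    touch /usr/local/var/clamav-updated
    freshclam > /dev/null
fi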

I use procmail to put mails from the clamav-virusdb list in the folder
above.

This way I update within one hour if there is an update, otherwise
nothing happens.  You could up this to once every half hour without
overloading the servers I think.

Just in case, I update once a day even if nothing arrives on the list.

A useful addition would be if the mails to the virusdb list were
always signed with the same PGP key, otherwise there's an obvious
DoS on this scheme if it caught on.

As an alternative, the mails could contain a signed attachment
that actually contained the update.

This will give you a random minute to put in your crontab file:

awk 'BEGIN{srand(systime()); print int(rand()*59+1)}'

Alternatively just look at the clock at the moment you edit the
crontab file and use that...



Re: [Clamav-users] freshclam in deamon mode

2004-02-17 Thread Erik Corry
Here's a feature idea:  An option to freshclam in daemon mode
that gives it a file to watch.  When the file changes, we download
updates (perhaps after a random delay).  That way I can subscribe
to the database mailing list, set up procmail to put mails from
the list in a special folder, then use that to trigger freshclam.

Alternatively I could install freshclam setuid and trigger it
directly with procmail, but I'm not sure freshclam is safe to
use in setuid mode.

-- 
Erik Corry




Re: [Clamav-users] Decompression Bombs

2004-02-04 Thread Erik Corry
On Wed, Feb 04, 2004 at 09:35:07AM -0600, Tom Walsh wrote:
> I saw an article on Bugtraq today that discussed an interesting vectored
> attack against anti-virus software and was curious if any type of checks
> were in place for clamav.

http://sourceforge.net/mailarchive/forum.php?thread_id=3839743&forum_id=34617



Re: [Clamav-users] MyDoom???

2004-02-04 Thread Erik Corry
On Wed, Feb 04, 2004 at 12:56:30PM +0200, Dinko Ivanov wrote:
> When will clamav detect MyDoom?
> I hope soon?!

Clamav detects MyDoom just fine right now, but it calls it
SCO.A.



[Clamav-users] Bzip bombs

2004-02-04 Thread Erik Corry
Hi

Just a note to say I tried some of the zip and bzip bombs described in
http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html
and found that clamav copes very well with them.  In particular I was able
to scan a mail consisting of a 10Gbyte bzip2 bomb followed by a copy of the
SCO virus and the virus was correctly detected.  Also, standalone copies
of the decompression bombs could be scanned: Clamav stopped scanning after a
few Mbytes.

So that's nice.



[Clamav-users] Clamd stops responding

2004-02-04 Thread Erik Corry
hread_create@@GLIBC_2.1 () from /lib/libpthread.so.0
#3  0x0804c698 in acceptloop ()
#4  0x0804b3ae in localserver ()
#5  0x0804ad46 in clamd ()
#6  0x08049ef8 in main ()
#7  0x400f8917 in __libc_start_main () from /lib/libc.so.6
(gdb) thread 1
[Switching to thread 1 (Thread 16384 (LWP 22362))]#0  0x4010b6a8 in sigsuspend
   () from /lib/libc.so.6
(gdb) bt
#0  0x4010b6a8 in sigsuspend () from /lib/libc.so.6
#1  0x40099c28 in __pthread_wait_for_restart_signal ()
  from /lib/libpthread.so.0
#2  0x40099421 in pthread_create@@GLIBC_2.1 () from /lib/libpthread.so.0
#3  0x0804c698 in acceptloop ()
#4  0x0804b3ae in localserver ()
#5  0x0804ad46 in clamd ()
#6  0x08049ef8 in main ()
#7  0x400f8917 in __libc_start_main () from /lib/libc.so.6
(gdb) thread 2
[Switching to thread 2 (Thread 32769 (LWP 22363))]#0  0x401bd487 in poll ()
   from /lib/libc.so.6
(gdb) bt
#0  0x401bd487 in poll () from /lib/libc.so.6
#1  0x40096dee in __pthread_manager () from /lib/libpthread.so.0
(gdb) thread 3
[Switching to thread 3 (Thread 16386 (LWP 22364))]#0  0x401912f6 in nanosleep
   () from /lib/libc.so.6
(gdb) bt
#0  0x401912f6 in nanosleep () from /lib/libc.so.6
#1  0xffc0 in ?? ()
#2  0x0804bc2b in threadwatcher ()
#3  0x40097ae0 in pthread_start_thread () from /lib/libpthread.so.0
(gdb) thread 4
Thread ID 4 not known.


I am running on Linux 2.4.20 SMP on a dual PPro with glibc-2.3.2-11.9
(Red Hat)


Any ideas?

