Re: Virus protection: WAS: [Clamav-users] virus submission problem
Steffen Heil wrote:

> I cannot prevent such things. I have no way to tell my customers: "you
> may not send each other executables or html-files with frames." They
> would go somewhere else immediately.

Just shifted the reply to this thread, Steffen.

The iframe exploit, you are already discriminating against, as it is in the Clam database as:

Exploit.IFrame.Gen

I never meant to imply that you use draconian methods on any broad areas of email communication, but as you can see from the above, there are specific portions of a laden email which can only point to one designated purpose.

I disagree, however, with ISPs or companies who use lax restrictions on email content, just to keep customers or staff happy. At the end of the day, maintaining a proper, healthy, and most of all, sociable system takes precedence over people's whims. It is the same in any business. You do your best to meet your customers' needs, but you never allow customers to dictate poor practice.

If you generalise areas, then you are theoretically arguing against AV interception altogether. The 'html-files with frames' bit above is generalising. A specific combination is what you protect against, not a general range.

> For the same reason, excessive header line lengths need to work.

Long header lines are fine, but when they are above the maximum laid down in the RFCs? Why should someone send an email which violates the specs, and expect for it to be accepted without further ado?

With regards to greylisting and SAV, and other such components, they are purely a business or preference decision. They do work, but at an offset cost. They are an extra line of defence, they are not compulsory.

All the best,

Matt

---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
AW: [Clamav-users] virus submission problem
Hi

> The main types of checks that should be done are regarding the composition of the emails. For example, the ones you mention above, clsid and boundary checks, will stop a proportional amount of virus mails from getting any further.

Okay... already doing so.

> Then there are others, like iframe, executable extensions, certain aspects of html content, excessive header line lengths, to name but a few.

I cannot prevent such things. I have no way to tell my customers: "you may not send each other executables or html-files with frames." They would go somewhere else immediately.

Also greylisting is no option, since it slows down email traffic and some of my customers use robots, which rely on these mails.

For the same reason, excessive header line lengths need to work.

Altogether, the point is, I may not drop or slow down legitimate mail.
So I "simply" scan for viri.

Regards,
Steffen
Virus protection: WAS: [Clamav-users] virus submission problem
Joe Maimon wrote:

> I may be in the minority here but I strenuously object to the "banned
> extensions" methodology. Especially when implementing outside of the SMTP
> layer.
> For a service provider it's a hassle for their customers. An internal
> corp. may be able to inflict such abuse on its users, but not an SP.

Thought I would change this to a new thread to stop the thread purists becoming annoyed ;)

Must admit, I couldn't agree more on that part. I do, however, block quite a few attachment types. When was the last time you saw a valid .scr or .pif in an email :)

As Stephen Gran mentioned in his reply, greylisting is also very effective at dissuading the one shot wonder attempts, as they tend to try once or change the sender address each time, thereby never gaining a valid triplet, and it only causes a slight delay in mail delivery times.

That is the point, however, that I am trying to make. There are a shedload of solutions that can whittle down the amount of virii that ever reach the filtering/scanning stage of an email system, and once the remaining few, (few in relative terms), reach the filtering scripts, you can whittle them down, by various methods, to an even smaller proportion, before they ever need to be virus scanned. A cascade of various options, applied in the correct sequence, can make a fairly good barrier to the virus ingress.

Virii evolve, and are created more quickly, and in more variation, than exploits or workarounds are found for existing software and access enforcement methods. Thereby, filtering on the variables that change at a slower rate of pace, whether it be by greylisting, extension type, or software vulnerabilities, will generate a larger blockage rate than allowing the virii to get to a line of defence which has to be kept constantly up to date to catch the rapidly evolving nature of the problem.

Blocking on the constants first, then variations, and then morphs last, will yield a greater blockage rate.

Matt
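
The greylisting behaviour described in the message above (a sender that tries once, or changes its address on every attempt, never builds a valid triplet), as an added example that is not from the original posts. The class name, timing constants and sample addresses are assumptions chosen for illustration.

```python
"""Greylisting keyed on the (client IP, envelope sender, envelope recipient) triplet."""
from dataclasses import dataclass, field

MIN_DELAY = 300          # assumed: seconds a new triplet must wait before a retry counts
PENDING_TTL = 4 * 3600   # assumed: a triplet that never retries is forgotten after this
PASS_TTL = 36 * 86400    # assumed: lifetime of a triplet that has passed once


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: dict = field(default_factory=dict)      # triplet -> time of last accepted mail

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for RCPT TO: '250' accept, '451' try again later."""
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())

        # Known-good triplet: accept at once, so only the first mail is delayed.
        last_ok = self.passed.get(triplet)
        if last_ok is not None and now - last_ok <= PASS_TTL:
            self.passed[triplet] = now
            return "250"

        # Never seen (or the pending entry expired): record it and defer.
        first = self.first_seen.get(triplet)
        if first is None or now - first > PENDING_TTL:
            self.first_seen[triplet] = now
            return "451"

        # Retry arrived too quickly: still deferred, first-seen time is kept.
        if now - first < MIN_DELAY:
            return "451"

        # A real MTA queued the message and retried after the delay.
        del self.first_seen[triplet]
        self.passed[triplet] = now
        return "250"


def replay(events):
    """Feed (time, ip, sender, recipient) events to a fresh greylist."""
    gl = Greylist()
    return [gl.check(ip, sender, rcpt, t) for (t, ip, sender, rcpt) in events]


# Constructed sample traffic (documentation addresses, not real logs).
QUEUEING_MTA = [
    (0,    "192.0.2.10", "alice@example.org", "bob@example.net"),  # first contact
    (60,   "192.0.2.10", "alice@example.org", "bob@example.net"),  # retry too soon
    (900,  "192.0.2.10", "alice@example.org", "bob@example.net"),  # retry after delay
    (5000, "192.0.2.10", "alice@example.org", "bob@example.net"),  # later mail
]
ONE_SHOT_SENDER = [
    (0, "198.51.100.7", "a1@example.com", "bob@example.net"),
    (1, "198.51.100.7", "a2@example.com", "bob@example.net"),  # new sender each time
    (2, "198.51.100.7", "a3@example.com", "bob@example.net"),
]

if __name__ == "__main__":
    print("queueing MTA:   ", replay(QUEUEING_MTA))
    print("one-shot sender:", replay(ONE_SHOT_SENDER))
```
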
Re: [Clamav-users] virus submission problem
Matt wrote:

> Steffen Heil wrote:
>
>> For example, I DO have dnsblacklists, helo string checking, mime checks, clsid extension checks, empty and too large boundary checks, verify sender domain and soon some callout-checks in front of clamav.
>> However, some mail should get delivered and those should be checked, right?
>
> The helo checks, blacklists and other sender/client checks are just generalisations for any type of junk email. They are not the ones that I was including in that assessment.
>
> The main types of checks that should be done are regarding the composition of the emails. For example, the ones you mention above, clsid and boundary checks, will stop a proportional amount of virus mails from getting any further.
>
> Then there are others, like iframe, executabl

I may be in the minority here but I strenuously object to the "banned extensions" methodology. Especially when implementing outside of the SMTP layer.

For a service provider it's a hassle for their customers. An internal corp. may be able to inflict such abuse on its users, but not an SP.

For that matter, thanks to MS new outlooks "You can't open this attachment if your life depended on it (except if you hack the reg for each and every one -- but if you trash your machine you're sol)" security misfeature, is now a pain in the neck to email anything useful to a windows/outlook user.

You send it, you go on your merry way, you (maybe) hear back "I can't open it" "Send it again" "What are you talking about".

Just wait till zips become a banned extension.

What are we going to do when users become accustomed to renaming attachments back to the proper form? Make them click an extra ok button?

And for those who say "but they won't do that?" -- password protected zips?

Aggressive blacklisting is the answer. People who send you viruses should get blacklisted semi-automatically. Now you don't even have to enter the DATA stage when they come knocking again.

Joe
Re: [Clamav-users] virus submission problem
On Wed, 29 Sep 2004, Trog wrote:
> On Wed, 2004-09-29 at 11:21, Paul Boven wrote:
>> Bogusław Brandys wrote:
>>> Damian Menscher wrote [inserted attribution for myself]:
>>>> This is not an isolated case. The virus submission page must be changed to run the latest RELEASED version of clamav.
>>
>> Seconded. I run an up-to-date release version of ClamAV (0.75), there are viruses getting through, but I can't submit them because 0.80rc3 would have recognised them. And we know clamav 0.75 would be able to detect these given specific examples.
>
> Your clairvoyance astounds me.
>
> You are free to add your own signatures to spot your samples. They almost certainly wouldn't catch any other samples of the same virus though.

Same virus, or same exploit? We're asking for protection against viruses, not against exploits (we'd happily upgrade to 0.80rc3 for that). Or are you saying this virus is polymorphic? I asked that in my original email that started this thread, and got no response.

Sounds like the webpage needs to be improved in the way another poster suggested: have it tell you which versions of clamav can catch the file. And developers should review the submissions for the current stable release just in case it's possible to create a specific signature.

Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
Re: [Clamav-users] virus submission problem
On Wed, Sep 29, 2004 at 03:17:08PM +0200, Steffen Heil said:
> Hi
>
> > There are a significant amount of other methods that will generally detect
> > an infected email. Approximately 3.8% of infected emails ever reach the
> > stage where the virus scanners I use get called into action, and Clam hasn't
> > missed one of those yet. Check for other email exploits before checking for
> > virii.
>
> So tell us, our preacher, how you do that?
>
> For example, I DO have dnsblacklists, helo string checking, mime checks,
> clsid extension checks, empty and too large boundary checks, verify sender
> domain and soon some callout-checks in front of clamav.
> However, some mail should get delivered and those should be checked, right?

I also use greylisting on top of all of the methods you have above, and clam now catches single digits of viruses/week (granted, this mx only handles about 800-1000 emails/day, but scale appropriately). The only viruses hitting my MX are coming in from forwarding services. All direct to MX viruses have stopped.

--
Stephen Gran
[EMAIL PROTECTED]
http://www.lobefin.net/~steve

Tallulah Bankhead barged down the Nile last night as Cleopatra and sank.
-- John Mason Brown, drama critic
Re: [Clamav-users] virus submission problem
Steffen Heil wrote:

> For example, I DO have dnsblacklists, helo string checking, mime checks,
> clsid extension checks, empty and too large boundary checks, verify
> sender domain and soon some callout-checks in front of clamav.
> However, some mail should get delivered and those should be checked,
> right?

The helo checks, blacklists and other sender/client checks are just generalisations for any type of junk email. They are not the ones that I was including in that assessment.

The main types of checks that should be done are regarding the composition of the emails. For example, the ones you mention above, clsid and boundary checks, will stop a proportional amount of virus mails from getting any further.

Then there are others, like iframe, executable extensions, certain aspects of html content, excessive header line lengths, to name but a few.

A lot of the virus emails, as well as containing the virii themselves, also rely upon exploits or failings in the targeted MUA software to actually execute or mask the content until it is executed. That is why there are such a raft of 'mime sanitising' programmes available, Anomy and MimeDefang being prime examples.

The scripts I use are homemade, building up gradually, (over the last few months), in finesse and precision. It isn't perfect, granted, but it is getting closer. The few it does tend to miss due to exploits or invalid/dubious composition are then subjected to virus scanning.

It literally boils down to the fact that if some content/composition in an email is not encountered in legitimate emails, then the assumption of its contents not being legitimate and safe are ninety something percent.

Any type of defensive system is built upon layers. The order of the layers is down to personal preference, but there should always be a minimum of two layers of defense for any given attack vector.

( If my posts get any longer, they'll be in pocket book format soon :)

All the best,

Matt
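
A sketch of composition checks of the kind listed in the message above, run before the virus scanner is called. This is an added example, not Matt's scripts (which are not shown in the thread); the function names, finding labels and sample messages are constructed. The limits are the 998-character line limit of RFC 2822 and the 70-character boundary limit of RFC 2046, and the blocked extensions are the two named in the thread.

```python
import os
import re
from email import message_from_bytes

MAX_LINE = 998                   # RFC 2822 2.1.1: line limit, excluding CRLF
MAX_BOUNDARY = 70                # RFC 2046 5.1.1: boundary is 1 to 70 characters
BLOCKED_EXT = {".scr", ".pif"}   # the two attachment types named in the thread
# Filename ending in ".{CLSID}", which hides the real handler from the user.
CLSID_NAME = re.compile(
    r"\.\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)


def composition_findings(raw):
    """Return labels for structural anomalies in a raw RFC 2822 message."""
    findings = []

    # Check every physical header line, folded continuation lines included.
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    if any(len(line) > MAX_LINE for line in head.splitlines()):
        findings.append("header-line-too-long")

    for part in message_from_bytes(raw).walk():
        if part.get_content_maintype() == "multipart":
            boundary = part.get_boundary()
            # Missing, empty or over-long boundary.
            if boundary is None or not 1 <= len(boundary) <= MAX_BOUNDARY:
                findings.append("bad-boundary")

        name = (part.get_filename() or "").strip().rstrip(".").lower()
        if not name:
            continue
        if CLSID_NAME.search(name):
            findings.append("clsid-filename")
        ext = os.path.splitext(name)[1]   # last extension: "a.pdf.scr" -> ".scr"
        if ext in BLOCKED_EXT:
            findings.append("blocked-extension:" + ext)
    return findings


def route(raw):
    """Reject on any finding; everything else goes on to the virus scanner."""
    return "reject" if composition_findings(raw) else "scan"


def build(boundary, filenames, extra_header=""):
    """Construct a sample multipart message (test data, not captured mail)."""
    lines = ["From: a@example.org", "To: b@example.net", "Subject: sample",
             "MIME-Version: 1.0"]
    if extra_header:
        lines.append(extra_header)
    lines += ['Content-Type: multipart/mixed; boundary="%s"' % boundary, "",
              "--" + boundary, "Content-Type: text/plain", "", "hello"]
    for fn in filenames:
        lines += ["--" + boundary, "Content-Type: application/octet-stream",
                  'Content-Disposition: attachment; filename="%s"' % fn,
                  "", "AAAA"]
    lines.append("--" + boundary + "--")
    return "\r\n".join(lines).encode("ascii")


CLEAN = build("b1", ["notes.txt"])
SUSPECT = build(
    "x" * 80,
    ["invoice.pdf.scr", "readme.txt.{00000000-0000-0000-0000-000000000000}"],
    extra_header="X-Padding: " + "A" * 1100)

if __name__ == "__main__":
    for label, raw in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, route(raw), composition_findings(raw))
```
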
RE: [Clamav-users] virus submission problem
Lol @ preacher

-Original Message-
From: Matt [mailto:[EMAIL PROTECTED]
Sent: 29 September 2004 14:45
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] virus submission problem

Paul Boven wrote:

> >>>> This is not an isolated case. The virus submission page must be
> >>>> changed to run the latest RELEASED version of clamav.
>
> Seconded. I run an up-to-date release version of ClamAV (0.75), there
> are viruses getting through, but I can't submit them because 0.80rc3
> would have recognised them. And we know clamav 0.75 would be able to
> detect these given specific examples.

Why doesn't someone offer to create and host such a page, if it is that important?

If I've said it once, I've said it a thousand times, a virus scanner should be the last line of defence in any given email scanning system. There are multiple ways to stop most infected emails before they ever even reach the virus scanner(s). No one should be wholly reliant upon a virus scanning solution to protect their email integrity.

If people are having problems with infected emails slipping through, your parsing/scanning scripts are either misconfigured or just useless crap. There are a significant amount of other methods that will generally detect an infected email. Approximately 3.8% of infected emails ever reach the stage where the virus scanners I use get called into action, and Clam hasn't missed one of those yet. Check for other email exploits before checking for virii.

( I really should have been a preacher :)

Matt
AW: [Clamav-users] virus submission problem
Hi

> There are a significant amount of other methods that will generally detect an infected email. Approximately 3.8% of infected emails ever reach the stage where the virus scanners I use get called into action, and Clam hasn't missed one of those yet. Check for other email exploits before checking for virii.

So tell us, our preacher, how you do that?

For example, I DO have dnsblacklists, helo string checking, mime checks, clsid extension checks, empty and too large boundary checks, verify sender domain and soon some callout-checks in front of clamav.
However, some mail should get delivered and those should be checked, right?

Regards,
Steffen
Re: [Clamav-users] virus submission problem
On Wed, 2004-09-29 at 12:42, Bill Maidment wrote:
> Trog wrote:
>
> > The current stable version is 0.75.1
>
> The stable webpage points me to 0.80rc3 as the latest!!!

No it doesn't. It takes you to a page containing a number of links and information, one such link is to clamav-0.80rc3.tar.gz another such link is clamav-0.75.1.tar.gz.

The page states this:
"Before downloading, you may want to read Release Notes and ChangeLog"

The README with 0.80rc3 clearly states it is a "release candidate".

-trog
Re: [Clamav-users] virus submission problem
Paul Boven wrote:

> This is not an isolated case. The virus submission page must be
> changed to run the latest RELEASED version of clamav.
>
> Seconded. I run an up-to-date release version of ClamAV (0.75), there
> are viruses getting through, but I can't submit them because 0.80rc3
> would have recognised them. And we know clamav 0.75 would be able to
> detect these given specific examples.

Why doesn't someone offer to create and host such a page, if it is that important?

If I've said it once, I've said it a thousand times, a virus scanner should be the last line of defence in any given email scanning system. There are multiple ways to stop most infected emails before they ever even reach the virus scanner(s). No one should be wholly reliant upon a virus scanning solution to protect their email integrity.

If people are having problems with infected emails slipping through, your parsing/scanning scripts are either misconfigured or just useless crap. There are a significant amount of other methods that will generally detect an infected email. Approximately 3.8% of infected emails ever reach the stage where the virus scanners I use get called into action, and Clam hasn't missed one of those yet. Check for other email exploits before checking for virii.

( I really should have been a preacher :)

Matt
Re: [Clamav-users] virus submission problem
Trog wrote:

> The current stable version is 0.75.1

The stable webpage points me to 0.80rc3 as the latest!!!

--
Bill Maidment
Maidment Enterprises Pty Ltd

Unless you are named "Alfred E. Newman", you may read only the "odd numbered words" (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read.
Adapted from "Stupid Email Disclaimers" (see http://www.goldmark.org/jeff/stupid-disclaimers/)
Re: [Clamav-users] virus submission problem
On Wed, 2004-09-29 at 11:21, Paul Boven wrote:
> Hi everyone,
>
> Bogusław Brandys wrote:
>
> This is not an isolated case. The virus submission page must be
> changed to run the latest RELEASED version of clamav.
>
> Seconded. I run an up-to-date release version of ClamAV (0.75), there

The current stable version is 0.75.1

> are viruses getting through, but I can't submit them because 0.80rc3
> would have recognised them. And we know clamav 0.75 would be able to
> detect these given specific examples.

Your clairvoyance astounds me.

You are free to add your own signatures to spot your samples. They almost certainly wouldn't catch any other samples of the same virus though.

-trog
Re: [Clamav-users] virus submission problem
Hi everyone,

Bogusław Brandys wrote:

> This is not an isolated case. The virus submission page must be changed to run the latest RELEASED version of clamav.

Seconded. I run an up-to-date release version of ClamAV (0.75), there are viruses getting through, but I can't submit them because 0.80rc3 would have recognised them. And we know clamav 0.75 would be able to detect these given specific examples.

Regards, Paul Boven.
Re: AW: [Clamav-users] virus submission problem
On Tue, 2004-09-28 at 21:35, Steffen Heil wrote:
> Hi
>
> > I have a serious issue with the current way virus samples are submitted.
> > Right now, many viruses, such as the currently-spreading jpeg virus (see
> > http://www.easynews.com/virus.txt) are detected by 0.80rc# or by some CVS
> > version. But we can't be expected to run those on production servers.
> >
> > Yes, I understand that 0.7x can't do a heuristic check for the jpeg
> > exploit. However, it *can* look for this particular file (get your free
> > copy from http://easynews.com/virus/virus-jpeg.zip), and a signature should
> > be released.
> >
> > This is not an isolated case. The virus submission page must be changed
> > to run the latest RELEASED version of clamav.
>
> I totally agree.
> It is great to know, that some soon coming version will detect things better
> and can detect generic problems instead of single viri only.
> However I have somehow the feeling, that right now our servers are under
> attack and we are left in the rain alone.

One of the major advantages of ClamAV over commercial products is that you are able to add your own signatures. Signatures for the JPEG exploit for non-80rc versions have been posted to the list.

The only signatures in the new format in the current db are there because old style signatures would either produce false positives, or are not possible to create. There are less than 10 of them.

The main advantage of the 0.80 version is the new unpackers and file type support. As such it is able to spot existing signatures in more file types. It does not inherently support a huge number of new signatures.

The ClamAV team have very limited resources, and our time is better spent creating new signatures for unknown viruses, rather than wading through old viruses we already have signatures for, just because they happen to be in some archive type that old versions of clam don't know about.

> Maybe, development could be split into two parts: engine and program host.
> Then updates to the engine (to accommodate new virus signature types) could
> be added, while the program can be developed more slowly.

Are you volunteering to build 'engine' binaries for every platform that every user would conceivably use ClamAV on in order to support this?

> I like clam-av very much, but knowing, that I got a virus that was happily
> detected by McAfee some weeks ago and that I tried to submit to the clamav
> team, is still not detected by my server and may still hit my customers is a
> nightmare.

I've said this before, and I'll say it again. That's a business decision on your part. You have to weigh up the pros and cons of the options and make a decision based on those.

You can do things to mitigate the perceived risks of deploying the 0.80rc3 version, like doing internal testing, having a warm backup of your production system with which to continually test CVS versions (and supply feedback), re-configure your system to use clamscan rather than clamdscan, etc.

Personally, I chucked 15GB of customer email through CVS versions prior to 0.80rc in order to check its integrity. And continued to do so until I was happy with the results. As such I have confidence in its stability.

-trog
Re: [Clamav-users] virus submission problem
Hello,

Mitch (WebCob) wrote:

>> This is not an isolated case. The virus submission page must be changed to run the latest RELEASED version of clamav.
>
> Haven't looked in a while, but I think it should:
>
> Display result using latest RELEASE
> Display result using latest CVS
> Display IDENTITY of the virus
> Display config of the online scanner (in case this affects the result)
> Indicate time / date of the addition of this sig.
>
> This would eliminate confusion, and all the "it says detected but not what it is" etc.
>
> I volunteered to look at making changes like this as did a few others iirc, but for some reason this "tool" is not "open" :(
>
> Hopefully if enough people second the motion, the changes can at least be implemented.

This could be done by writing PHP code to clamscan or better libclamav or clamd. Anyone knows how to write PHP extension ?
For clamscan it could be a simple script invoking clamscan for scanning file stored in /tmp but it is quite dangerous.

Regards
Boguslaw Brandys
RE: [Clamav-users] virus submission problem
> > This is not an isolated case. The virus submission page must be changed
> > to run the latest RELEASED version of clamav.

Haven't looked in a while, but I think it should:

Display result using latest RELEASE
Display result using latest CVS
Display IDENTITY of the virus
Display config of the online scanner (in case this affects the result)
Indicate time / date of the addition of this sig.

This would eliminate confusion, and all the "it says detected but not what it is" etc.

I volunteered to look at making changes like this as did a few others iirc, but for some reason this "tool" is not "open" :(

Hopefully if enough people second the motion, the changes can at least be implemented.

Thanks.

m/
AW: [Clamav-users] virus submission problem
Hi

> I have a serious issue with the current way virus samples are submitted. Right now, many viruses, such as the currently-spreading jpeg virus (see http://www.easynews.com/virus.txt) are detected by 0.80rc# or by some CVS version. But we can't be expected to run those on production servers.

> Yes, I understand that 0.7x can't do a heuristic check for the jpeg exploit. However, it *can* look for this particular file (get your free copy from http://easynews.com/virus/virus-jpeg.zip), and a signature should be released.

> This is not an isolated case. The virus submission page must be changed to run the latest RELEASED version of clamav.

I totally agree.
It is great to know, that some soon coming version will detect things better and can detect generic problems instead of single viri only.
However I have somehow the feeling, that right now our servers are under attack and we are left in the rain alone.

Maybe, development could be split into two parts: engine and program host.
Then updates to the engine (to accommodate new virus signature types) could be added, while the program can be developed more slowly.

I like clam-av very much, but knowing, that I got a virus that was happily detected by McAfee some weeks ago and that I tried to submit to the clamav team, is still not detected by my server and may still hit my customers is a nightmare.

Regards,
Steffen
[Clamav-users] virus submission problem
I have a serious issue with the current way virus samples are submitted. Right now, many viruses, such as the currently-spreading jpeg virus (see http://www.easynews.com/virus.txt) are detected by 0.80rc# or by some CVS version. But we can't be expected to run those on production servers.

Yes, I understand that 0.7x can't do a heuristic check for the jpeg exploit. However, it *can* look for this particular file (get your free copy from http://easynews.com/virus/virus-jpeg.zip), and a signature should be released.

This is not an isolated case. The virus submission page must be changed to run the latest RELEASED version of clamav.

Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-