Re: [clamav-users] False Positive - Osx.Exploit.Iosjailbreak
On 02/13/2013 07:36 AM, Joel Esler wrote: Apple doesn't block everything but what they have tested. What does that mean? On Wednesday, February 13, 2013 at 10:02 AM, Jim Preston wrote: Basically it means that you have get your applications from the App Store and all programs have to be approved by Apple to be sold in the store. On 02/13/2013 08:05 AM, Joel Esler wrote: To be sold in the store, sure. But your apps don't have to be sold in the store. On 13.02.13 14:59, Jim Preston wrote: Unless I am mistaken, that is the point of this thread. The fact that if you want non-apple approved applications, you need to jailbreak the phone and hence should Envais0n be considered malware since it exploits IOS flaws to allow jailbreaking. No, it is not a malware. It is a jailbreak. It does not to any bad (at least from user's point of view, even if Apple is happy it has partial control over devices it sold to customers), it just makes possible installation of any software not approved by apple that does not necessarily have to be a malware. Thus, I don't really see why this should be considered a malware. I personally do not own an iPhone but was an IT person in a company that supplied iPhones to select employees and therefore was involved in ordering and setting them up. This bit is just to explain my familiarity (or lack there of depending on your viewpoint) with iPhones Well, if you wast prevent your users from using unathorized software, you of course can put that into their contracts and optionally make your own Envais0n signature on company's servers. But you should not do this in public clamav database, since there are users who legally want to jailbreak their phones and install software as they want, not as apple wants. And since their BOUGHT their iphones, they have right to do so. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Nothing is fool-proof to a talented fool. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] False Positive - Osx.Exploit.Iosjailbreak
On 2/14/13 2:18 AM, Matus UHLAR - fantomas uh...@fantomas.sk wrote: On 13.02.13 14:59, Jim Preston wrote: Unless I am mistaken, that is the point of this thread. The fact that if you want non-apple approved applications, you need to jailbreak the phone and hence should Envais0n be considered malware since it exploits IOS flaws to allow jailbreaking. No, it is not a malware. It is a jailbreak. It does not to any bad (at least from user's point of view, even if Apple is happy it has partial control over devices it sold to customers), it just makes possible installation of any software not approved by apple that does not necessarily have to be a malware. Fine, so it is a PUA - Potentially Unwanted Application. And the clamav team could create a new PUA category for it. Or the people who want the jailbreak software could list the signature in local.ign2 or whatever the ignore file is, and be happy. But for the majority of us, It's not just potentially unwanted, it is simply unwanted. If I had wanted an open phone, I would have bought an Android. -- Daniel J McDonald, CCIE # 2495, CISSP # 78281 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] False Positive - Osx.Exploit.Iosjailbreak
More info on the Jailbreak. Good read: http://blog.azimuthsecurity.com/2013/02/from-usr-to-svc-dissecting-evasi0n.html -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire On Thursday, February 14, 2013 at 8:17 AM, Daniel McDonald wrote: On 2/14/13 2:18 AM, Matus UHLAR - fantomas uh...@fantomas.sk (mailto:uh...@fantomas.sk) wrote: On 13.02.13 14:59, Jim Preston wrote: Unless I am mistaken, that is the point of this thread. The fact that if you want non-apple approved applications, you need to jailbreak the phone and hence should Envais0n be considered malware since it exploits IOS flaws to allow jailbreaking. No, it is not a malware. It is a jailbreak. It does not to any bad (at least from user's point of view, even if Apple is happy it has partial control over devices it sold to customers), it just makes possible installation of any software not approved by apple that does not necessarily have to be a malware. Fine, so it is a PUA - Potentially Unwanted Application. And the clamav team could create a new PUA category for it. Or the people who want the jailbreak software could list the signature in local.ign2 or whatever the ignore file is, and be happy. But for the majority of us, It's not just potentially unwanted, it is simply unwanted. If I had wanted an open phone, I would have bought an Android. -- Daniel J McDonald, CCIE # 2495, CISSP # 78281 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[clamav-users] daily-16682.cdiff not found on remote server
Hello Since about two hours we get the following Errors while updating with freshclam: ClamAV update process started at Thu Feb 14 16:51:42 2013 main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven) WARNING: getpatch: Can't download daily-16682.cdiff from db.de.clamav.net WARNING: getpatch: Can't download daily-16682.cdiff from db.de.clamav.net WARNING: getpatch: Can't download daily-16682.cdiff from db.de.clamav.net WARNING: Incremental update failed, trying to download daily.cvd WARNING: Can't download daily.cvd from db.de.clamav.net Trying again in 5 secs... I also tried to connect to db.ch.clamav.net and db.us.clamav.net the response ist mostly the same. The difference is, that the US servers also spit out something like: WARNING: getfile: daily-16682.cdiff not found on remote server (IP: 168.143.19.95) Is there a missing file on the mirrors? Best regards Matthias -- Matthias Egger ETH Zurich Department of Information Technology maeg...@ee.ethz.ch and Electrical Engineering IT Support Group (ISG.EE), ETL/F/24.1 Phone +41 (0)44 632 03 90 Physikstrasse 3, CH-8092 Zurich Fax +41 (0)44 632 11 95 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] daily-16682.cdiff not found on remote server
On Thu, Feb 14, 2013 at 10:59 AM, Matthias Egger maeg...@ee.ethz.ch wrote: Hello Since about two hours we get the following Errors while updating with freshclam: ClamAV update process started at Thu Feb 14 16:51:42 2013 main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven) WARNING: getpatch: Can't download daily-16682.cdiff from db.de.clamav.net WARNING: getpatch: Can't download daily-16682.cdiff from db.de.clamav.net WARNING: getpatch: Can't download daily-16682.cdiff from db.de.clamav.net WARNING: Incremental update failed, trying to download daily.cvd WARNING: Can't download daily.cvd from db.de.clamav.net Trying again in 5 secs... I also tried to connect to db.ch.clamav.net and db.us.clamav.net the response ist mostly the same. The difference is, that the US servers also spit out something like: WARNING: getfile: daily-16682.cdiff not found on remote server (IP: 168.143.19.95) Is there a missing file on the mirrors? In preparation for the 0.98 release, we needed to push out a new database file. We couldn't do this by pushing a cdiff out, so the 16682 daily.cvd update does not have a corresponding cdiff. Clients will be downloading the full daily.cvd for 16682. In short: there is no cdiff for the 16682 daily.cvd update. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] False Positive - Osx.Exploit.Iosjailbreak
Daniel McDonald skrev den 14-02-2013 14:17: But for the majority of us, It's not just potentially unwanted, it is simply unwanted. If I had wanted an open phone, I would have bought an Android. if you did you would know that its not more open then an iphone, but it have a setting to let users install anything that is not downloaded from google.play ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] False Positive - Osx.Exploit.Iosjailbreak
On 13.02.13 14:59, Jim Preston wrote: Unless I am mistaken, that is the point of this thread. The fact that if you want non-apple approved applications, you need to jailbreak the phone and hence should Envais0n be considered malware since it exploits IOS flaws to allow jailbreaking. On 2/14/13 2:18 AM, Matus UHLAR - fantomas uh...@fantomas.sk wrote: No, it is not a malware. It is a jailbreak. It does not to any bad (at least from user's point of view, even if Apple is happy it has partial control over devices it sold to customers), it just makes possible installation of any software not approved by apple that does not necessarily have to be a malware. On 14.02.13 07:17, Daniel McDonald wrote: Fine, so it is a PUA - Potentially Unwanted Application. And the clamav team could create a new PUA category for it. Luckily this category already exists :-) Or the people who want the jailbreak software could list the signature in local.ign2 or whatever the ignore file is, and be happy. But for the majority of us, It's not just potentially unwanted, it is simply unwanted. If I had wanted an open phone, I would have bought an Android. :-) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Eagles may soar, but weasels don't get sucked into jet engines. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] False Positive - Osx.Exploit.Iosjailbreak
On 14.02.13 10:57, Joel Esler wrote: More info on the Jailbreak. Good read: http://blog.azimuthsecurity.com/2013/02/from-usr-to-svc-dissecting-evasi0n.html And what do you think about the PUA/malware clasification of it? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The early bird may get the worm, but the second mouse gets the cheese. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] False Positive - Osx.Exploit.Iosjailbreak
I'll defer that decision to Alain, or the person that wrote the detection. -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire On Thursday, February 14, 2013 at 11:13 AM, Matus UHLAR - fantomas wrote: On 14.02.13 10:57, Joel Esler wrote: More info on the Jailbreak. Good read: http://blog.azimuthsecurity.com/2013/02/from-usr-to-svc-dissecting-evasi0n.html And what do you think about the PUA/malware clasification of it? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The early bird may get the worm, but the second mouse gets the cheese. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Database Mirror Issues
On Thu, Feb 14, 2013 at 11:00 AM, Clayton Keller inetad...@ruraltel.netwrote: Within the past hour we have started seeing the following errors reported when running freshclam: ERROR: getpatch: Can't download daily-16682.cdiff from db.us.clamav.net ERROR: Can't download daily.cvd from db.us.clamav.net ERROR: getpatch: Can't download daily-16682.cdiff from database.clamav.net ERROR: Can't download daily.cvd from database.clamav.net Our last successful download was at 07:39:52 CST. A colleague has indicated to me that they are seeing a similar issue with the EU mirror. Any assistance would be appreciated. Please let me know if we can provide you with any additional debug info, etc. Clay In preparation for the 0.98 release, we needed to push out a new database file. We couldn't do this by pushing a cdiff out, so the 16682 daily.cvd update does not have a corresponding cdiff. Clients will be downloading the full daily.cvd for 16682. In short: there is no cdiff for the 16682 daily.cvd update. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Database Mirror Issues
On 02/14/2013 10:31 AM, Shawn Webb wrote: On Thu, Feb 14, 2013 at 11:00 AM, Clayton Keller inetad...@ruraltel.netwrote: Within the past hour we have started seeing the following errors reported when running freshclam: ERROR: getpatch: Can't download daily-16682.cdiff from db.us.clamav.net ERROR: Can't download daily.cvd from db.us.clamav.net ERROR: getpatch: Can't download daily-16682.cdiff from database.clamav.net ERROR: Can't download daily.cvd from database.clamav.net Our last successful download was at 07:39:52 CST. A colleague has indicated to me that they are seeing a similar issue with the EU mirror. Any assistance would be appreciated. Please let me know if we can provide you with any additional debug info, etc. Clay In preparation for the 0.98 release, we needed to push out a new database file. We couldn't do this by pushing a cdiff out, so the 16682 daily.cvd update does not have a corresponding cdiff. Clients will be downloading the full daily.cvd for 16682. In short: there is no cdiff for the 16682 daily.cvd update. Thank you for the reply Shawn. It looks like a removal of the .cvd file and a fresh download will solve the issue. Is that the recommended means to get the new update? ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Does Filesize(HDB) or PESectionSize(MDB) of executables play any role in virus pattern matching?
On Wed, Feb 13, 2013 at 9:32 PM, Kaushik Vaidyanathan kvaid...@andrew.cmu.edu wrote: Hi Do the FileSize field in a HDB signature serve any purpose during pattern matching, or pattern matching relies only on the MD5 checksum? File size serves the purpose of making sure we are looking at the right file. Similarly for the MDB signature whats the role of PESectionSize in pattern matching? Does PESectionSize get used while filtering and/or preprocessing during the pattern matching? Same as above. I have read through the signatures document and could not figure this out? Do you have to step through the code to understand this? Unfortunately, there is no such documentation at this time. The code is your friend :-) Is there notes/document which specifies the different types of filtering(AC, Wu-Manber, Bloom Filters) and preprocessing ClamAV does on the input file before proceeding to the exact match? If not any suggestions on how I could figure this out quickly from the source code? If this question is not suitable for this list, where should I post this question? Thank you! ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml - Alain ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Database Mirror Issues
I had a similar problem. I found if I removed the old main.cld and daily.cvd, and then ran freshclam, it re-downloaded everything and seems to be working fine. My main.cld was from 2011 (pretty old). Dan On Thu, Feb 14, 2013 at 11:00 AM, Clayton Keller inetad...@ruraltel.netwrote: Within the past hour we have started seeing the following errors reported when running freshclam: ERROR: getpatch: Can't download daily-16682.cdiff from db.us.clamav.net ERROR: Can't download daily.cvd from db.us.clamav.net ERROR: getpatch: Can't download daily-16682.cdiff from database.clamav.net ERROR: Can't download daily.cvd from database.clamav.net Our last successful download was at 07:39:52 CST. A colleague has indicated to me that they are seeing a similar issue with the EU mirror. Any assistance would be appreciated. Please let me know if we can provide you with any additional debug info, etc. Clay __**_ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/**ml http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] False Positive - Osx.Exploit.Iosjailbreak
In any case. This signature was dropped a couple days ago, and beyond that, users can ignore it on their end. -- Joel Esler Senior Research Engineer, VRT Open Source Community Manager On Thursday, February 14, 2013 at 11:28 AM, Daniel McDonald wrote: On 2/14/13 10:13 AM, Matus UHLAR - fantomas uh...@fantomas.sk wrote: On 13.02.13 14:59, Jim Preston wrote: Unless I am mistaken, that is the point of this thread. The fact that if you want non-apple approved applications, you need to jailbreak the phone and hence should Envais0n be considered malware since it exploits IOS flaws to allow jailbreaking. On 2/14/13 2:18 AM, Matus UHLAR - fantomas uh...@fantomas.sk wrote: No, it is not a malware. It is a jailbreak. It does not to any bad (at least from user's point of view, even if Apple is happy it has partial control over devices it sold to customers), it just makes possible installation of any software not approved by apple that does not necessarily have to be a malware. On 14.02.13 07:17, Daniel McDonald wrote: Fine, so it is a PUA - Potentially Unwanted Application. And the clamav team could create a new PUA category for it. Luckily this category already exists :-) I don't see a category that adequately describes jailbreak software. PwTool is the closest, but still misses the mark in my opinion. http://www.clamav.net/lang/en/faq/pua/ -- Daniel J McDonald, CCIE # 2495, CISSP # 78281 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Does Filesize(HDB) or PESectionSize(MDB) of executables play any role in virus pattern matching?
Hi Alain Thanks Alain. Is the FileSize or PESectionSize used as a pre-processing(or filtering) step while scanning files? What I mean is does ClamAV use the size of the file to filter out all virus patterns that dont have the same filesize as that of the file under inspection? After finding a subset of virus patterns(using the FileSize field in HDB) that do match the size of the file does it then proceed to actual signature matching using WM or AC string matching algorithms? Is the same true with PESectionSize for a MDB file? Just that it would probably get PESectionSize information in the Header/SectionTable fields of the PE file under inspection? Thanks a lot! ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Database Mirror Issues
Is that the only solution? We have to hit a ton of servers as none of our servers using clam have been able to update for a few hours. -Original Message- From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Dan Schwartz Sent: Thursday, February 14, 2013 11:30 AM To: ClamAV users ML Subject: Re: [clamav-users] Database Mirror Issues I had a similar problem. I found if I removed the old main.cld and daily.cvd, and then ran freshclam, it re-downloaded everything and seems to be working fine. My main.cld was from 2011 (pretty old). Dan On Thu, Feb 14, 2013 at 11:00 AM, Clayton Keller inetad...@ruraltel.netwrote: Within the past hour we have started seeing the following errors reported when running freshclam: ERROR: getpatch: Can't download daily-16682.cdiff from db.us.clamav.net ERROR: Can't download daily.cvd from db.us.clamav.net ERROR: getpatch: Can't download daily-16682.cdiff from database.clamav.net ERROR: Can't download daily.cvd from database.clamav.net Our last successful download was at 07:39:52 CST. A colleague has indicated to me that they are seeing a similar issue with the EU mirror. Any assistance would be appreciated. Please let me know if we can provide you with any additional debug info, etc. Clay __**_ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/**ml http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Database Mirror Issues
On 2/14/13 12:59 PM, Ryan Goode rgo...@vereduscorp.com wrote: Is that the only solution? We have to hit a ton of servers as none of our servers using clam have been able to update for a few hours. I'm seeing success with daily version 16683 -Original Message- From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Dan Schwartz Sent: Thursday, February 14, 2013 11:30 AM To: ClamAV users ML Subject: Re: [clamav-users] Database Mirror Issues I had a similar problem. I found if I removed the old main.cld and daily.cvd, and then ran freshclam, it re-downloaded everything and seems to be working fine. My main.cld was from 2011 (pretty old). -- Daniel J McDonald, CCIE # 2495, CISSP # 78281 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Database Mirror Issues
Two choices: - wait. It will eventually sort itself out. - remove mirrors.dat and run freshclam manually. Might have to do this more than once. -- Noel Jones On 2/14/2013 12:59 PM, Ryan Goode wrote: Is that the only solution? We have to hit a ton of servers as none of our servers using clam have been able to update for a few hours. -Original Message- From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Dan Schwartz Sent: Thursday, February 14, 2013 11:30 AM To: ClamAV users ML Subject: Re: [clamav-users] Database Mirror Issues I had a similar problem. I found if I removed the old main.cld and daily.cvd, and then ran freshclam, it re-downloaded everything and seems to be working fine. My main.cld was from 2011 (pretty old). Dan On Thu, Feb 14, 2013 at 11:00 AM, Clayton Keller inetad...@ruraltel.netwrote: Within the past hour we have started seeing the following errors reported when running freshclam: ERROR: getpatch: Can't download daily-16682.cdiff from db.us.clamav.net ERROR: Can't download daily.cvd from db.us.clamav.net ERROR: getpatch: Can't download daily-16682.cdiff from database.clamav.net ERROR: Can't download daily.cvd from database.clamav.net Our last successful download was at 07:39:52 CST. A colleague has indicated to me that they are seeing a similar issue with the EU mirror. Any assistance would be appreciated. Please let me know if we can provide you with any additional debug info, etc. Clay __**_ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/**ml http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Database Mirror Issues
A few minutes ago it all started working again. Thanks! -Original Message- From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Noel Jones Sent: Thursday, February 14, 2013 2:52 PM To: clamav-users@lists.clamav.net Subject: Re: [clamav-users] Database Mirror Issues Two choices: - wait. It will eventually sort itself out. - remove mirrors.dat and run freshclam manually. Might have to do this more than once. -- Noel Jones On 2/14/2013 12:59 PM, Ryan Goode wrote: Is that the only solution? We have to hit a ton of servers as none of our servers using clam have been able to update for a few hours. -Original Message- From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Dan Schwartz Sent: Thursday, February 14, 2013 11:30 AM To: ClamAV users ML Subject: Re: [clamav-users] Database Mirror Issues I had a similar problem. I found if I removed the old main.cld and daily.cvd, and then ran freshclam, it re-downloaded everything and seems to be working fine. My main.cld was from 2011 (pretty old). Dan On Thu, Feb 14, 2013 at 11:00 AM, Clayton Keller inetad...@ruraltel.netwrote: Within the past hour we have started seeing the following errors reported when running freshclam: ERROR: getpatch: Can't download daily-16682.cdiff from db.us.clamav.net ERROR: Can't download daily.cvd from db.us.clamav.net ERROR: getpatch: Can't download daily-16682.cdiff from database.clamav.net ERROR: Can't download daily.cvd from database.clamav.net Our last successful download was at 07:39:52 CST. A colleague has indicated to me that they are seeing a similar issue with the EU mirror. Any assistance would be appreciated. Please let me know if we can provide you with any additional debug info, etc. Clay __**_ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/**ml http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml