[Clamav-users] clamd fails to detect structured data after running for 10 minutes

2009-02-06 Thread Tim Maletic
I'm seeing some strange behavior in the latest svn, where clamd stops
detecting certain structured data test files after the daemon has been
running for about 10 minutes.  (See syslog sample below.)  Not sure if
this is specific to structured data or not.  Anyone else seeing
anything similar?  Is there a potential config issue, or should I open
a bug?  -tm

Feb  6 10:13:16 mailclientdev clamd[9012]: clamd daemon devel-r4680 (OS: linux-gnu, ARCH: i386, CPU: i686)
Feb  6 10:13:16 mailclientdev clamd[9012]: Running as user clamav (UID 100, GID 101)
Feb  6 10:13:16 mailclientdev clamd[9012]: Log file size limit disabled.
Feb  6 10:13:16 mailclientdev clamd[9012]: Reading databases from /var/clamav
Feb  6 10:13:16 mailclientdev clamd[9012]: Not loading PUA signatures.
Feb  6 10:13:21 mailclientdev clamd[9012]: Loaded 513108 signatures.
Feb  6 10:13:21 mailclientdev clamd[9012]: LOCAL: Unix socket file /var/run/clamav/clamd.socket
Feb  6 10:13:21 mailclientdev clamd[9012]: LOCAL: Setting connection queue length to 30
Feb  6 10:13:21 mailclientdev clamd[9014]: Limits: Global size limit set to 104857600 bytes.
Feb  6 10:13:21 mailclientdev clamd[9014]: Limits: File size limit set to 26214400 bytes.
Feb  6 10:13:21 mailclientdev clamd[9014]: Limits: Recursion level limit set to 16.
Feb  6 10:13:21 mailclientdev clamd[9014]: Limits: Files limit set to 1.
Feb  6 10:13:21 mailclientdev clamd[9014]: Archive support enabled.
Feb  6 10:13:21 mailclientdev clamd[9014]: Algorithmic detection enabled.
Feb  6 10:13:21 mailclientdev clamd[9014]: Portable Executable support enabled.
Feb  6 10:13:21 mailclientdev clamd[9014]: ELF support enabled.
Feb  6 10:13:21 mailclientdev clamd[9014]: Detection of broken executables enabled.
Feb  6 10:13:21 mailclientdev clamd[9014]: Mail files support enabled.
Feb  6 10:13:21 mailclientdev clamd[9014]: OLE2 support enabled.
Feb  6 10:13:21 mailclientdev clamd[9014]: PDF support enabled.
Feb  6 10:13:21 mailclientdev clamd[9014]: HTML support enabled.
Feb  6 10:13:21 mailclientdev clamd[9014]: Structured: Minimum Credit Card Number Count set to 1
Feb  6 10:13:21 mailclientdev clamd[9014]: Structured: Minimum Social Security Number Count set to 1
Feb  6 10:13:21 mailclientdev clamd[9014]: Self checking every 600 seconds.
Feb  6 10:13:21 mailclientdev clamd[9014]: Listening daemon: PID: 9014
Feb  6 10:13:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn-123-45-6789.txt: Structured.SSN FOUND
Feb  6 10:13:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn.txt: Structured.SSN FOUND
Feb  6 10:14:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn-123-45-6789.txt: Structured.SSN FOUND
Feb  6 10:14:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn.txt: Structured.SSN FOUND
Feb  6 10:15:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn-123-45-6789.txt: Structured.SSN FOUND
Feb  6 10:15:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn.txt: Structured.SSN FOUND
Feb  6 10:16:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn-123-45-6789.txt: Structured.SSN FOUND
Feb  6 10:16:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn.txt: Structured.SSN FOUND
Feb  6 10:17:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn-123-45-6789.txt: Structured.SSN FOUND
Feb  6 10:17:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn.txt: Structured.SSN FOUND
Feb  6 10:18:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn-123-45-6789.txt: Structured.SSN FOUND
Feb  6 10:18:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn.txt: Structured.SSN FOUND
Feb  6 10:19:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn-123-45-6789.txt: Structured.SSN FOUND
Feb  6 10:19:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn.txt: Structured.SSN FOUND
Feb  6 10:20:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn-123-45-6789.txt: Structured.SSN FOUND
Feb  6 10:20:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn.txt: Structured.SSN FOUND
Feb  6 10:21:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn-123-45-6789.txt: Structured.SSN FOUND
Feb  6 10:21:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn.txt: Structured.SSN FOUND
Feb  6 10:22:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn-123-45-6789.txt: Structured.SSN FOUND
Feb  6 10:22:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn.txt: Structured.SSN FOUND
Feb  6 10:23:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn-123-45-6789.txt: Structured.SSN FOUND
Feb  6 10:23:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn.txt: Structured.SSN FOUND
Feb  6 10:24:21 mailclientdev clamd[9014]: No stats for Database check - forcing reload
Feb  6 10:24:21 mailclientdev clamd[9014]: Reading databases from /var/clamav
Feb  6 10:24:21 mailclientdev clamd[9014]: /opt/filter_tests/ssn-123-45-6789.txt: Structured.SSN FOUND
Feb  6 10:24:27 mailclientdev clamd[9014]: Database correctly reloaded (513108 signatures)
Feb  6 10:24:27 mailclientdev clamd[9014]: /opt/filter_tests/ssn.txt: Structured.SSN FOUND
Feb  6 10:25:27 mailclientdev clamd[9014]: /opt/filter_tests/ss

Re: [Clamav-users] How to test ClamAV

2009-02-06 Thread Alex Davidson
Interesting...if I create a plain text email with the eicar text in
it, ClamAV detects it successfully.

Can anyone suggest another way to send myself a
non-password-protected/encrypted attachment that ClamAV might have a
chance at detecting?
It's either that or disable my workstation AV and server AV to send
one out and back in that way - kind of a pain.

Thanks!

On Fri, Feb 6, 2009 at 7:51 AM, Noel Jones  wrote:
> Steve Basford wrote:
>>
>> Alex Davidson wrote:
>>
>>> send myself EICAR test
>>> virus strings but firstly only 3 of the 7 tests hit my mail server,
>>> and secondly ClamAV doesn't detect anything, yet the next-level AV
>>> detects it just fine.
>>
>> I tried to send the 7 tests to my main address... only 3 arrived
>>
>> (the clean one - and 2 of the password protected one)
>
> I received the same thing.
>
>
>>
>> My ISP probably filtered out the others.
>
> My ISP does no filtering; either the test messages were
> blocked at the source (ISP/webhost egress filtering) or they
> were never sent.
>
> As for the encrypted files, nothing can check inside an
> encrypted zip, but they can be blocked based on a file name
> inside the zip, or clamd can mark all encrypted zips by
> setting "ArchiveBlockEncrypted yes" in clamd.conf
>
> At any rate, this test appears useless.  Find another one.
>
> --
> Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] How to test ClamAV

2009-02-06 Thread Steve Basford


Alex Davidson wrote:

>send myself EICAR test
>virus strings but firstly only 3 of the 7 tests hit my mail server,
>and secondly ClamAV doesn't detect anything, yet the next-level AV
>detects it just fine.

I tried to send the 7 tests to my main address... only 3 arrived

(the clean one - and 2 of the password protected one)

My ISP probably filtered out the others.

I can't see ClamAV detecting these two... (as it doesn't know the password to 
decode the insides)

eicarpasswd.zip (new! - zip compressed eicar.com with password)
eicarpasswdocr.zip (new! - zip compressed eicar.com with password in image 
file) 

You could add a signature to detect the above.. but it would ONLY work with the 
above EICAR test and the SAME password.

Cheers,

Steve
Sanesecurity




Re: [Clamav-users] How to test ClamAV

2009-02-06 Thread Andy
You'll need to find a nastie that your local/server AV don't detect, but
ClamAV does. Or make an exception for a file extension... rename eicar.txt
to eicar.z43 (something random) and make sure your server and local av will
ignore that file extension.

On Fri, Feb 6, 2009 at 10:45 AM, Alex Davidson wrote:

> Interesting...if I create a plain text email with the eicar text in
> it, ClamAV detects it successfully.
>
> Can anyone suggest another way to send myself a
> non-password-protected/encrypted attachment that ClamAV might have a
> chance at detecting?
> It's either that or disable my workstation AV and server AV to send
> one out and back in that way - kind of a pain.
>
> Thanks!
>
> On Fri, Feb 6, 2009 at 7:51 AM, Noel Jones  wrote:
> > Steve Basford wrote:
> >>
> >> Alex Davidson wrote:
> >>
> >>> send myself EICAR test
> >>> virus strings but firstly only 3 of the 7 tests hit my mail server,
> >>> and secondly ClamAV doesn't detect anything, yet the next-level AV
> >>> detects it just fine.
> >>
> >> I tried to send the 7 tests to my main address... only 3 arrived
> >>
> >> (the clean one - and 2 of the password protected one)
> >
> > I received the same thing.
> >
> >
> >>
> >> My ISP probably filtered out the others.
> >
> > My ISP does no filtering; either the test messages were
> > blocked at the source (ISP/webhost egress filtering) or they
> > were never sent.
> >
> > As for the encrypted files, nothing can check inside an
> > encrypted zip, but they can be blocked based on a file name
> > inside the zip, or clamd can mark all encrypted zips by
> > setting "ArchiveBlockEncrypted yes" in clamd.conf
> >
> > At any rate, this test appears useless.  Find another one.
> >
> > --
> > Noel Jones
>



-- 
-Xinn.org
Security, and Sanity Solutions
The makers of ClearSite NMS.


Re: [Clamav-users] clamd fails to detect structured data after running for 10 minutes

2009-02-06 Thread Török Edwin
On 2009-02-06 17:37, Tim Maletic wrote:
> I'm seeing some strange behavior in the latest svn, where clamd stops
> detecting certain structured data test files after the daemon has been
> running for about 10 minutes.  (See syslog sample below.)  Not sure if
> this is specific to structured data or not.  Anyone else seeing
> anything similar?  Is there a potential config issue, or should I open
> a bug?  -tm
>   

Please open a bugreport, and run clamd with
'Foreground yes'
'Debug yes'

Best regards,
--Edwin
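
A way to catch this failure mode automatically, as an added example that is not part of the original thread: the script reads clamd syslog lines in the format shown in the first message and reports test files whose FOUND lines stop, together with a database reload close to the last hit. The log lines, host name and canary paths are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the syslog format in this thread;
# host name and canary paths are hypothetical.
SAMPLE_LOG = """\
Feb  6 10:23:21 gw clamd[9014]: /srv/canary/a.txt: Structured.SSN FOUND
Feb  6 10:23:21 gw clamd[9014]: /srv/canary/b.txt: Structured.SSN FOUND
Feb  6 10:24:21 gw clamd[9014]: No stats for Database check - forcing reload
Feb  6 10:24:21 gw clamd[9014]: Reading databases from /var/clamav
Feb  6 10:24:21 gw clamd[9014]: /srv/canary/a.txt: Structured.SSN FOUND
Feb  6 10:24:27 gw clamd[9014]: Database correctly reloaded (513108 signatures)
Feb  6 10:24:27 gw clamd[9014]: /srv/canary/b.txt: Structured.SSN FOUND
Feb  6 10:25:27 gw clamd[9014]: /srv/canary/a.txt: Structured.SSN FOUND
Feb  6 10:26:27 gw clamd[9014]: /srv/canary/a.txt: Structured.SSN FOUND
Feb  6 10:27:27 gw clamd[9014]: /srv/canary/a.txt: Structured.SSN FOUND
""".splitlines()

SYSLOG = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d) \S+ clamd\[\d+\]: (.*)$")
FOUND = re.compile(r"^(/.+): (\S+) FOUND$")


def parse_events(lines, year=2009):
    """Yield (timestamp, kind, path) for detections and completed reloads."""
    for line in lines:
        m = SYSLOG.match(line)
        if not m:
            continue  # wrapped or foreign line: ignore
        stamp = " ".join(m.group(1).split())  # collapse "Feb  6" padding
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        hit = FOUND.match(m.group(2))
        if hit:
            yield ts, "found", hit.group(1)
        elif m.group(2).startswith("Database correctly reloaded"):
            yield ts, "reload", None


def silent_canaries(lines, max_gap=timedelta(seconds=120)):
    """Return (path, last FOUND time, nearby reload time or None) for every
    canary file that has not been detected within max_gap of the log's end."""
    last_found, reloads, end = {}, [], None
    for ts, kind, path in parse_events(lines):
        end = ts if end is None else max(end, ts)
        if kind == "found":
            last_found[path] = ts
        else:
            reloads.append(ts)
    report = []
    for path, seen in sorted(last_found.items()):
        if end - seen <= max_gap:
            continue  # still being detected on schedule
        near = [r for r in reloads if abs(r - seen) <= max_gap]
        report.append((path, seen.strftime("%H:%M:%S"),
                       near[-1].strftime("%H:%M:%S") if near else None))
    return report


if __name__ == "__main__":
    for path, seen, reload_at in silent_canaries(SAMPLE_LOG):
        print(f"{path}: last FOUND {seen}, reload near gap: {reload_at}")
```

Set `max_gap` to roughly twice the interval at which the test files are rescanned, so a single delayed scan does not raise an alert.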


Re: [Clamav-users] How to test ClamAV

2009-02-06 Thread Noel Jones
Steve Basford wrote:
> 
> Alex Davidson wrote:
> 
>> send myself EICAR test
>> virus strings but firstly only 3 of the 7 tests hit my mail server,
>> and secondly ClamAV doesn't detect anything, yet the next-level AV
>> detects it just fine.
> 
> I tried to send the 7 tests to my main address... only 3 arrived
> 
> (the clean one - and 2 of the password protected one)

I received the same thing.


> 
> My ISP probably filtered out the others.

My ISP does no filtering; either the test messages were 
blocked at the source (ISP/webhost egress filtering) or they 
were never sent.

As for the encrypted files, nothing can check inside an 
encrypted zip, but they can be blocked based on a file name 
inside the zip, or clamd can mark all encrypted zips by 
setting "ArchiveBlockEncrypted yes" in clamd.conf

At any rate, this test appears useless.  Find another one.

-- 
Noel Jones
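
To illustrate the point about encrypted zips (an added example, not part of the original message): member names stay readable in the archive's directory while the contents do not, which is why blocking on a file name or on the encryption flag still works. The sample archive is constructed by setting the encryption flag on an unencrypted zip; the helper names and blocked-name patterns are assumptions.

```python
import fnmatch
import io
import struct
import zipfile


def make_zip(name, body):
    """Build a one-member, uncompressed zip in memory (constructed sample)."""
    buf = io.BytesIO()
    info = zipfile.ZipInfo(name, date_time=(2009, 2, 6, 10, 0, 0))
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(info, body)
    return buf.getvalue()


def set_encrypted_flag(data):
    """Constructed-sample helper: set general-purpose bit 0 ("encrypted") in
    each local and central header. The body is not really encrypted; only the
    metadata a scanner sees for a password-protected zip is reproduced."""
    out = bytearray(data)
    for signature, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = out.find(signature)
        while pos != -1:
            (flags,) = struct.unpack_from("<H", out, pos + flag_offset)
            struct.pack_into("<H", out, pos + flag_offset, flags | 0x1)
            pos = out.find(signature, pos + 4)
    return bytes(out)


def inspect_zip(data, blocked=("*.com", "*.exe", "*.scr")):
    """Return (member name, encrypted?, name matches a blocked pattern?)
    using only the central directory, which is never encrypted."""
    verdicts = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            encrypted = bool(info.flag_bits & 0x1)
            name_hit = any(fnmatch.fnmatch(info.filename.lower(), pat)
                           for pat in blocked)
            verdicts.append((info.filename, encrypted, name_hit))
    return verdicts


def contents_readable(data, name):
    """True if the member body can be extracted without a password."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        try:
            zf.read(name)
            return True
        except RuntimeError:  # zipfile: "password required for extraction"
            return False


if __name__ == "__main__":
    plain = make_zip("eicar.com", b"constructed placeholder body")
    locked = set_encrypted_flag(plain)
    for label, blob in (("plain", plain), ("flagged", locked)):
        print(label, inspect_zip(blob), contents_readable(blob, "eicar.com"))
```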


Re: [Clamav-users] How to test ClamAV

2009-02-06 Thread Dennis Peterson
Andy wrote:
> You'll need to find a nastie that your local/server AV don't detect, but
> ClamAV does. Or make an exception for a file extension... rename eicar.txt
> to eicar.z43 (something random) and make sure your server and local av will
> ignore that file extension.
> 

It's not that difficult if you've properly set up the system to check 
for outgoing viruses as well as incoming viruses. You need only send a 
sample virus to a friend or test address. ClamAV doesn't care which way 
the bug is going - it should reject it before it leaves the building.

Checking for outgoing viruses does seem to be an alien concept for some 
mail admins, though.

dp


Re: [Clamav-users] How to test ClamAV

2009-02-06 Thread Noel Jones
Alex Davidson wrote:
> Interesting...if I create a plain text email with the eicar text in
> it, ClamAV detects it successfully.
> 
> Can anyone suggest another way to send myself a
> non-password-protected/encrypted attachment that ClamAV might have a
> chance at detecting?

There is a test tool at http://tools.declude.com/ under the 
"Virus Test" heading.
There are a bazillion options for sending the virus.  The 
only tests that really count are the "Plain base64 MIME 
encoded" and "Zip file".  Clam should detect those.  The rest 
appear to be mostly marketing fluff; don't be too concerned if 
clam doesn't detect them.


-- 
Noel Jones
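
The two tests singled out above can also be built locally, as an added example that is not part of the original message: the script creates one message carrying the EICAR test file as a plain base64 MIME attachment and one carrying it inside a zip. The addresses and function names are assumptions; the EICAR string is assembled from pieces so that this page itself does not trip a scanner.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# The 68-byte EICAR standard anti-virus test string, split into parts.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!"
         + "$H+H*").encode("ascii")


def eicar_zip():
    """Return an unencrypted zip holding eicar.com."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("eicar.com", EICAR)
    return buf.getvalue()


def build_test_message(kind, sender="tester@example.org",
                       rcpt="postmaster@example.org"):
    """Build an RFC 5322 message for kind 'base64' or 'zip' (hypothetical
    labels for the two test cases named in the message above)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = f"ClamAV scanner test: {kind}"
    msg.set_content("Scanner test; the attachment is the EICAR test file.")
    if kind == "base64":
        # bytes attachments are base64-encoded by the email package
        msg.add_attachment(EICAR, maintype="application",
                           subtype="octet-stream", filename="eicar.com")
    elif kind == "zip":
        msg.add_attachment(eicar_zip(), maintype="application",
                           subtype="zip", filename="eicar.zip")
    else:
        raise ValueError(f"unknown test kind: {kind}")
    return msg.as_bytes()


def attachments(raw):
    """Decode a raw message and return [(filename, payload bytes)]."""
    parsed = message_from_bytes(raw, policy=policy.default)
    return [(part.get_filename(), part.get_content())
            for part in parsed.iter_attachments()]


def zip_members(blob):
    """Return {member name: bytes} for an in-memory zip."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return {name: zf.read(name) for name in zf.namelist()}


if __name__ == "__main__":
    for kind in ("base64", "zip"):
        with open(f"clamav-test-{kind}.eml", "wb") as fh:
            fh.write(build_test_message(kind))
```

Scan the two resulting files with clamscan or clamdscan; each should be reported as Eicar-Test-Signature.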


Re: [Clamav-users] How to test ClamAV

2009-02-06 Thread david
Hello Alex, I don't have a definitive test either. I have recently installed 
ClamAV on my gateway/router/firewall/smtp Linux box. I tried the canned test as 
suggested in the ClamAV doco but I could not see anything definitive. I agree 
that a real email from the  would be a definitive test. Since ClamAV 
is running on a Linux box a Windows virus in an email attachment would be the 
best test without actually exposing the Linux box to compromise. I must admit 
that I would be reluctant to do this myself as the reason I installed ClamAV is 
I recently rid my local Windows boxes of a vicious browser hijack trojan. The 
source of this trojan was in all likelihood not from email but from a link 
embedded in a normal html page. BTW: what is the EICAR test? I will try this 
myself. Regards, :-), David.

Alex Davidson wrote ..
> Interesting...if I create a plain text email with the eicar text in
> it, ClamAV detects it successfully.
> 
> Can anyone suggest another way to send myself a
> non-password-protected/encrypted attachment that ClamAV might have a
> chance at detecting?
> It's either that or disable my workstation AV and server AV to send
> one out and back in that way - kind of a pain.
> 
> Thanks!
> 
> On Fri, Feb 6, 2009 at 7:51 AM, Noel Jones  wrote:
> > Steve Basford wrote:
> >>
> >> Alex Davidson wrote:
> >>
> >>> send myself EICAR test
> >>> virus strings but firstly only 3 of the 7 tests hit my mail server,
> >>> and secondly ClamAV doesn't detect anything, yet the next-level AV
> >>> detects it just fine.
> >>
> >> I tried to send the 7 tests to my main address... only 3 arrived
> >>
> >> (the clean one - and 2 of the password protected one)
> >
> > I received the same thing.
> >
> >
> >>
> >> My ISP probably filtered out the others.
> >
> > My ISP does no filtering; either the test messages were
> > blocked at the source (ISP/webhost egress filtering) or they
> > were never sent.
> >
> > As for the encrypted files, nothing can check inside an
> > encrypted zip, but they can be blocked based on a file name
> > inside the zip, or clamd can mark all encrypted zips by
> > setting "ArchiveBlockEncrypted yes" in clamd.conf
> >
> > At any rate, this test appears useless.  Find another one.
> >
> > --
> > Noel Jones

Re: [Clamav-users] How to test ClamAV

2009-02-06 Thread david
Hello Noel, yep it worked. The eicar message was found but not before a user 
with enough time to open the mail message and the attachment. And, it is 
difficult to tell exactly which message is the culprit because all I see from 
the CRON log email is:

/Maildir/cur/1233939406.Vfd00I270080M968444.davidwbrown.name:2,S: 
Eicar-Test-Signature FOUND

And, the gadgetry set-up to automatically send email to users with FOUND 
signatures did not trigger.

I suppose I need to run ClamAV as daemon and ditch the CRON job.

Thanks, David.


Noel Jones wrote ..
> Alex Davidson wrote:
> > Interesting...if I create a plain text email with the eicar text in
> > it, ClamAV detects it successfully.
> > 
> > Can anyone suggest another way to send myself a
> > non-password-protected/encrypted attachment that ClamAV might have a
> > chance at detecting?
> 
> There is a test tool at http://tools.declude.com/ under the 
> "Virus Test" heading.
> There are a bazillion options for sending the virus.  The 
> only tests that really count are the "Plain base64 MIME 
> encoded" and "Zip file".  Clam should detect those.  The rest 
> appear to be mostly marketing fluff; don't be too concerned if 
> clam doesn't detect them.
> 
> 
> -- 
> Noel Jones

[Clamav-users] Is there any maintenance

2009-02-06 Thread Madhuri Somavarapu
Hi,

I installed clamav on my machine. I am using it for scanning files, not for my 
mail server. I want to know what kind of maintenance is needed for this software 
(like upgrades).

Does it scan all kinds of basic document types like Microsoft products, Adobe, 
Txt files?

Where can I find the virus file that I can test my program with?

Thanks


  


Re: [Clamav-users] Is there any maintenance

2009-02-06 Thread david
Hello, this was just discussed: http://tools.declude.com. Apparently only the 
first two on the pull-down menu are of any value. HTH, David.


Madhuri Somavarapu wrote ..
> Hi,
> 
> I installed clamav on my machine. I am using it for scanning files, not for my
> mail server. I want to know what kind of maintenance is needed for this software
> (like upgrades).
> 
> Does it scan all kinds of basic document types like Microsoft products, Adobe,
> Txt files?
> 
> Where can I find the virus file that I can test my program with?
> 
> Thanks
> 
> 
>   

Re: [Clamav-users] Is there any maintenance

2009-02-06 Thread McDonald, Dan
On Fri, 2009-02-06 at 10:08 -0800, Madhuri Somavarapu wrote:
> Hi,
> 
> I installed clamav on my machine. I am using it for scanning files, not
> for my mail server. I want to know what kind of maintenance is needed for
> this software (like upgrades).

Upgrades are not automatic, so watch the user list, or at least the
announce list, for information on new versions.

You should have some program verify that clamd and freshclam are
running.  I have running procs reported to my xymon server, and alert if
either of those two daemons goes away, but there are plenty of ways to
do that.

If you are interested in 3rd party signatures, then there will be
significantly more maintenance.  A few Google searches should get you
started on 3rd-party signatures.


> Does it scan all kinds of basic document types like Microsoft products, Adobe, 
> Txt files?

Yes, and many not-so-basic types.  Some of that scanning needs to be
explicitly enabled - see the clamd.conf file for details.

> 
> Where can I find the virus file that I can test my program with?
eicar.com

-- 
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com




Re: [Clamav-users] Is there any maintenance

2009-02-06 Thread Nigel Horne
McDonald, Dan wrote:
> On Fri, 2009-02-06 at 10:08 -0800, Madhuri Somavarapu wrote:
>> Hi,
>>
>> I installed clamav on my machine. I am using it for scanning files, not
>> for my mail server. I want to know what kind of maintenance is needed for
>> this software (like upgrades).
> 
> Upgrades are not automatic, so watch the user list, or at least the
> announce list, for information on new versions.

These are indeed good places to look, but they are often "after the 
fact". We pre-announce upcoming upgrades on www.clamav.net, so you 
should also keep an eye out there.

-Nigel

-- 
Nigel Horne, nigel.ho...@sourcefire.com
Director of Product Management (ClamAV), Sourcefire, 
http://www.sourcefire.com
+1 301 518 7944 or +1 706 705 4022 FAX: +44 870 705 9334 ICQ: 20252325

ClamAV is a registered trademark of Sourcefire Inc.


[Clamav-users] Using clamav on internet gateway

2009-02-06 Thread Sunny K
Hi,

Is there any way to use clamav on an internet gateway (linux based) to
protect connected hosts from virus/malicious content?

(Internet)-| Internet Gateway (linux on x86) | Host-1
  |
| Host-2

Thanks,
Sam


Re: [Clamav-users] Using clamav on internet gateway

2009-02-06 Thread Dennis Peterson
Sunny K wrote:
> Hi,
> 
> Is there any way to use clamav on an internet gateway (linux based) to
> protect connected hosts from virus/malicious content?
> 
> (Internet)-| Internet Gateway (linux on x86) | Host-1
>   |
> | Host-2

ClamAV is used successfully in gateway systems for web proxy (squid, for 
example), email, and ftp traffic, all in real time. This requires some 
horsepower to keep from introducing lag into the system.

dp


Re: [Clamav-users] Using clamav on internet gateway

2009-02-06 Thread Steve
On Sat, 7 Feb 2009 00:11:10 +0530
Sunny K  wrote:

> Hi,
> 
> Is there any way to use clamav on an internet gateway (linux based) to
> protect connected hosts from virus/malicious content?
> 
> (Internet)-| Internet Gateway (linux on x86) | Host-1
>   |
> | Host-2
> 
> Thanks,
> Sam
Yes.

Run squid as a proxy server, and then integrate clamav using the squidclamav 
product. Works well for me (:
( I use squidGuard as well so I can blacklist specific sites/classes of sites )

hth,

Steve
-- 
Steve 


Re: [Clamav-users] Using clamav on internet gateway

2009-02-06 Thread Andy
Another is SafeSquid, which now does not require Squid itself to be
installed and or running if it is installed.
http://www.howtoforge.com/gateway-level-virus-security-clamav-safesquid-proxy
SafeSquid has windows and *nix support.
I believe Snort can even use ClamAV
http://en.wikipedia.org/wiki/Snort_(software)


On Fri, Feb 6, 2009 at 2:01 PM, Steve  wrote:

> On Sat, 7 Feb 2009 00:11:10 +0530
> Sunny K  wrote:
>
> > Hi,
> >
> > Is there any way to use clamav on an internet gateway (linux based) to
> > protect connected hosts from virus/malicious content?
> >
> > (Internet)-| Internet Gateway (linux on x86) | Host-1
> >   |
> > | Host-2
> >
> > Thanks,
> > Sam
> Yes.
>
> Run squid as a proxy server, and then integrate clamav using the
> squidclamav product. Works well for me (:
> ( I use squidGuard as well so I can blacklist specific sites/classes of
> sites )
>
> hth,
>
> Steve
> --
> Steve 
>



-- 
-Xinn.org
Security, and Sanity Solutions
The makers of ClearSite NMS.


Re: [Clamav-users] Using clamav on internet gateway

2009-02-06 Thread reiner otto


--- Dennis Peterson  wrote on Fri, 6.2.2009:
From: Dennis Peterson 
Subject: Re: [Clamav-users] Using clamav on internet gateway
To: "ClamAV users ML" 
Date: Friday, 6 February 2009, 19:58

Sunny K wrote:
> Hi,
> 
> Is there any way to use clamav on an internet gateway (linux based) to
> protect connected hosts from virus/malicious content?
> 
> (Internet)-| Internet Gateway (linux on x86) | Host-1
>   |
> | Host-2

I use it together with dansguardian:
www.dansguardian.org
Though DG primarily is for content filtering, integration of
clamav is simple, because DG works as a proxy.



  


Re: [Clamav-users] Using clamav on internet gateway

2009-02-06 Thread rafa

Sunny K wrote:
> Hi,
> 
> Is there any way to use clamav on an internet gateway (linux based) to
> protect connected hosts from virus/malicious content?
> 
> (Internet)-| Internet Gateway (linux on x86) | Host-1
>   |
> | Host-2
> 
> Thanks,
> Sam

You can try HAVP
http://www.server-side.de/