Menu
▾
▴
amavis-bugs — Bug Announcements by the AMaViS Team
You can subscribe to this list here.
| 2000 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(3) |
Aug
(1) |
Sep
|
Oct
(2) |
Nov
(9) |
Dec
(3) |
|---|
|
From: Rainer L. <li...@su...> - 2000-12-11 21:04:46
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AMaViS Security Announcement
Date: 12/11/2000
affected version(s): AMaViS-Perl below AMaViS-Perl-10
Vulnerability Type: script viruses (i.e. vbs worms) may not
be detected
Priority: urgent
Solution: upgrade to AMaViS-Perl-10
Author: Lars Hecking <lhe...@nm...>
Rainer Link <li...@su...>
Advisory ID: ASA-2000-5
- ---------------------------------------------------------------------------
1. Problem description
AMaViS-Perl uses a Perl module to decode (uudecode/xxdecode or binhex) every
file which is recognised by file(1) as ASCII, text, uuencode, xxencode or
binhex. If a (ASCII, text) file is _not_ encoded, the resulting file is
zero bytes long and the original file will be deleted as usual
as AMaViS-Perl fails to detect this error case. Therefore the
virus itself will be deleted.
2. Impact
Obvious. This bug can let script viruses go undetected.
3. Solution
Upgrade to AMaViS-Perl-10.
4. Acknowledgement
This bug was discovered accidentally by Lars Hecking.
5. References
https://sourceforge.net/projects/amavis/
http://www.amavis.org/
6. Revision History
12/11/2000: initial release
===========================================================================
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDjaUVwRBACPlluFzjLsjxV4ynz41Zk1S2GLF1/U3xE2HNcfk+a2Ij6sH64O
yPtBR9WX9x/QW3g9LnW86DHWgnh408D7jtd4/imJDyiNGqMregmkDjEWa6TIsXwB
RlG/DRpFbfwc4yRqQPklcgCIH/KlxgkJ1QTezpltRiQBfpWZKOrA1tLGGwCgw4/o
pU+RdnilbrDc6MZx7WQkzKED+QEUt4/++VyvPZjQCOmxFk4GpQZNP99D40eJFwyx
JkRGVl4f1wAgi0Q3NSSJyl1j9qGxz0c8DmR1F0yJtyg8+fqpKomtg+lHasvELom4
g0cGjnjtwx7sgtga4BIxUUpWTZLkMftWQigWgwWp3e5b6RCfHTUxuOUtgBBmjQB8
x04ABACNTYjjBcUKJYzp3Hx8wz39MVznYl8KXuXHIGY0ccbPmv3J6zjXvSr4++AZ
+U1qUSGJUyW0xpSWnsxHRI/qkiI5KPNbLYPFMbYjLHH2H5grjdnw7X71NAEW13Mv
0V9Fgs1mn93BkVn8V+U8vGPcgwTegcEWCe6V06HZD6Ep46W7drQnUmFpbmVyIEhl
cm1hbm4gTGluayA8UmFpbmVyTGlua0BnbXguZGU+iFYEExECABYFAjjaUVwECwoE
AwMVAwIDFgIBAheAAAoJEJsaBUwTtEB5iDoAoI+nE3VeD0gGtuaTHhLmKPA7rfmJ
AKCf+H996kGJ65ZmqWsTrV2iuyqniIkBIgQQAQEADAUCONuGTwUDAeEzgAAKCRCX
VPlSyTX7PUP3CACZG7hK9GMg7gL2pWs6ZEPC+ANUGh3KL5F/cYjngQJf+YABXvJ/
g8Up0voHooSq+lGQMxPZjK2sxLF/aOkmRW+r/uC1pxwbAOLgRRC/X33CVA+XhJ0r
UvYJGHUjDRoe690vWkxyDDCVGVlsD3+5w7Ljsq0hoiRFF+32HyJzHY1bcC3d+W5V
IPBze9bJvcDspJbCOXVc87d2tOfYR85mdOcsotNhAZJWtZvBkhj9xvxlu8BrAOUe
e+1ZbeMNlrDnmMGMYc2kF4gSbAHfmYR9Zepng60s5rWktEUzlJoUDRPKI2FmNT3E
K9dycZXhsdcDUnzAimm4MrvEn2pexSC2rE4NtCJSYWluZXIgSGVybWFubiBMaW5r
IDxsaW5rQHN1c2UuZGU+iFUEExECABYFAjlosj0ECwoEAwMVAwIDFgIBAheAAAoJ
EJsaBUwTtEB5yj0AniSu6k2wR6LF122b5aUVUwhXoHtlAJdMS/Gijbx8m4MI9thX
qXp5azRNtClSYWluZXIgSGVybWFubiBMaW5rIDxSYWluZXIuTGlua0BzdXNlLmRl
PohWBBMRAgAWBQI5aLJjBAsKBAMDFQMCAxYCAQIXgAAKCRCbGgVME7RAeWHEAJ45
eGd260EM04tUuIhh2fxI0RyhPwCfVU8nrwC7pbwj7Dsa07fvwE0soYW5Ag0EONpS
FBAIAJoCSZEyxdupx95EPn8XPGV7ugg+5BMIDTA6J30HD78RQQkDQCBMTDLCcMpz
uukxXByAUMUNpf8RlZEN9U582BjdPYNYRa4VP5QJbvpjC08YeWQs+sD3n0HT/ArL
FGlC+rSf1vJoaKI2ggTlRV1L04yEhCEH9zQDPKjFH4aIci2IghOJB/xZaRF69khN
IlifD8SglIQ9FcEhc5+sUIZdeu/+XVlgwgBc4XF7+W40PNZ4uXMhElbzGP5jqTdo
nFS+AlV/OsElQ+ma4atZicfVjRaVTxovAl91ZeVr5v7XGvpvh3rmtOyP/pVYf4ii
5Y6nu8OFXGo4Bsx3FqSZkQ2jh3cAAwUIAICCSuAuPCYaKYA168gNDZjsadQNhCpw
2o7zsKpSmQ6hxd4aRQ1TO631nNDx2D+/ffk7ET5VT3n4gezUn2ITZHdrTk1GUpLR
3czoMZIBL6Eit9mEmRe1XZ/3Q5lEUZHm8wEqqIZPPVhxZAFXDBucQlPO1lFKd8rM
UC+3+oU7RF9PpwzdQ+d/iMGmFMKXTH7o2qRV64cVMkWuMpMQARfA+i3YGPqqZfIb
dlMHXJ0oA32+eTUqOTtucD64XvcYSUQQ1tsHeijvrHq71zLfL6t1Dhwt+JDRMz3S
fDggxQs2oaB9Y+rxfbX7ajcHl0rc67sTTC+wDXIq+25FhnYPu+NV6kmIRgQYEQIA
BgUCONpSFAAKCRCbGgVME7RAeTYdAKCifLnHBBVPhcSRRffljCryGujZJQCfYcrQ
VrZ22GYrSJJn3sNjQKAHd3w=
=Fsd9
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org
iD8DBQE6NTs/mxoFTBO0QHkRAqRpAJ9MlL/MYBXBoHQ7zMgGc57BVTNdGQCgoKed
EuhcY4RJI8U7AEG9IXem77k=
=UWlO
-----END PGP SIGNATURE-----
--
Rainer Link | SuSE - The Linux Experts
li...@su... | Developer of A Mail Virus Scanner (amavis.org)
www.suse.de | Founder OpenAntiVirus Project (www.openantivirus.org)
|
|
From: Lars H. <lhe...@us...> - 2000-12-05 13:29:32
|
Piotr Kasztelowicz writes: [...] > checking if tar removes leading / from archive... no > configure: error: your 'tar' does NOT remove leading / from pathnames! > > I use Solaris 2.6. > > Please answer on priva and help if possible This is not a bug in amavis! Solaris tar doesn't remove leading slashes from pathnames. Imagine someone emailed you an archive of /etc with all files truncated to zero, you run scanmails as root, and Solaris tar unpacks a bunch of empty files into /etc. Bummer. You're better off installing GNU tar. No matter whether it's in $PATH before or after /bin/tar, configure will use it if installed as gtar. |
|
From: Piotr K. <pe...@lo...> - 2000-12-04 22:45:38
|
Hello Please help me with configure. After command: ./configure --enable-qmail such error has been reported checking *** Kaspersky Lab AVPDaemon *** checking for AvpDaemon... no configure: warning: ************************************************************ configure: warning: *** Kaspersky Lab AVPDaemon NOT found *** configure: warning: *** but that's ok *** configure: warning: ************************************************************ checking *** Kaspersky AVPDaemonClient *** checking for AvpDaemonClient... no configure: warning: ************************************************************ configure: warning: *** Kaspersky Lab AVPDaemonClient NOT found *** configure: warning: *** but that's ok *** configure: warning: ************************************************************ checking *** Kaspersky AVPDaemonClient *** checking for AvpDaemonTst... no configure: warning: ************************************************************ configure: warning: *** Kaspersky Lab AVPDaemonTst NOT found *** configure: warning: *** but that's ok *** configure: warning: ************************************************************ checking *** DataFellows F-Secure AntiVirus *** checking for fsav... no configure: warning: ************************************************************ configure: warning: *** DataFellows F-Secure AntiVirus NOT found *** configure: warning: *** but that's ok *** configure: warning: ************************************************************ checking *** Trend Micro FileScanner *** checking for vscan... no configure: warning: ************************************************************ configure: warning: *** Trend Micro FileScanner NOT found *** configure: warning: *** but that's ok *** configure: warning: ************************************************************ checking *** CyberSoft vfind *** checking for vfind... no configure: warning: ************************************************************ configure: warning: *** CyberSoft vfind NOT found *** configure: warning: *** but that's ok *** configure: warning: ************************************************************ checking *** CAI InoculateIT Inocucmd command line utility 4.0 *** checking for inocucmd... /usr/local/inoculateit/inocucmd checking if any virusscanners have been installed at all... yes checking if tar removes leading / from archive... no configure: error: your 'tar' does NOT remove leading / from pathnames! I use Solaris 2.6. Please answer on priva and help if possible -- Piotr Kasztelowicz <Pio...@lo...> [http://www.am.torun.pl/~pekasz] |
|
From: Rainer L. <li...@su...> - 2000-11-17 19:14:07
|
On Thu, 16 Nov 2000, Viraj Alankar wrote: > BTW, regarding the other ownership problem I had, I tried on a different > RH 6.2 box with Sendmail/Procmail and noticed the same UID problem. The > extracted files are owned by root, and I have to change the permissions to > 755. Also when viruses are found they are always copied to > /var/virusmails/root instead of the username. Any ideas? Hmm, seems to be a "problem" with RH 6.2 :) scanmails seems to be run as root. Well, can you show me your Mlocal entry in sendmail.cf ? best regards, Rainer Link -- Rainer Link | SuSE - The Linux Experts li...@su... | Developer of A Mail Virus Scanner (amavis.org) www.suse.de | Founder OpenAntiVirus Project (www.openantivirus.org) |
|
From: Rainer L. <li...@su...> - 2000-11-17 17:59:21
|
On Thu, 16 Nov 2000, Viraj Alankar wrote: > BTW, regarding the other ownership problem I had, I tried on a different > RH 6.2 box with Sendmail/Procmail and noticed the same UID problem. The > extracted files are owned by root, and I have to change the permissions to > 755. Also when viruses are found they are always copied to > /var/virusmails/root instead of the username. Any ideas? Seems scanmails is not run under the local user id, but always under uid root. Depends on you sendmail.cf, i.e. RunAs, DefaulUser and Mlocal (esp. the F= stuff) settings. best regards, Rainer Link -- Rainer Link | SuSE - The Linux Experts li...@su... | Developer of A Mail Virus Scanner (amavis.org) www.suse.de | Founder OpenAntiVirus Project (www.openantivirus.org) |
|
From: Viraj A. <val...@if...> - 2000-11-17 15:00:56
|
On Thu, 16 Nov 2000, Rainer Link wrote: > On Thu, 16 Nov 2000, Viraj Alankar wrote: > > > Looking at the man page for McAfee v4.1.0 for Linux, the return values > > seem to have changed. Currently Amavis v0.2.1 assumes the following return > > values are valid and anything else to be an internal error: > > > > 0 > > 10 > > 13 > > Correct, yes. > > > But from uvscan man page there is also: > > > > 12 The scanner tried to clean a file, > > and that clean failed for some reason > > and the file is still infected. > > Hmm, did you get this return value in some cases? uvscan should not try to > clean (automatically) an infected file. The man page says the -c / --clean > is by default off. So uvscan should never return this value when used with > AMaViS. No I never got the return value. I see now that it should never return this value, my mistake. BTW, regarding the other ownership problem I had, I tried on a different RH 6.2 box with Sendmail/Procmail and noticed the same UID problem. The extracted files are owned by root, and I have to change the permissions to 755. Also when viruses are found they are always copied to /var/virusmails/root instead of the username. Any ideas? Thanks, Viraj. |
|
From: Rainer L. <li...@su...> - 2000-11-16 20:33:21
|
On Thu, 16 Nov 2000, Viraj Alankar wrote: > Looking at the man page for McAfee v4.1.0 for Linux, the return values > seem to have changed. Currently Amavis v0.2.1 assumes the following return > values are valid and anything else to be an internal error: > > 0 > 10 > 13 Correct, yes. > But from uvscan man page there is also: > > 12 The scanner tried to clean a file, > and that clean failed for some reason > and the file is still infected. Hmm, did you get this return value in some cases? uvscan should not try to clean (automatically) an infected file. The man page says the -c / --clean is by default off. So uvscan should never return this value when used with AMaViS. Btw, you're correct. The man page does not show return code 10 any more. best regards, Rainer Link -- Rainer Link | SuSE - The Linux Experts li...@su... | Developer of A Mail Virus Scanner (amavis.org) www.suse.de | Founder OpenAntiVirus Project (www.openantivirus.org) |
|
From: Viraj A. <val...@if...> - 2000-11-16 19:56:25
|
Looking at the man page for McAfee v4.1.0 for Linux, the return values
seem to have changed. Currently Amavis v0.2.1 assumes the following return
values are valid and anything else to be an internal error:
0
10
13
But from uvscan man page there is also:
12 The scanner tried to clean a file,
and that clean failed for some reason
and the file is still infected.
Since this would be an internal error, mail would still be sent. I think
we would want to block these messages. Also return code 10 is no longer in
the manual. I've made the following changes to scanmails in our setup
around line 968:
scanstatus5=$?
if ${test} ${scanstatus5} -ne 0 -a ${scanstatus5} -ne 10 -a
${scanstatus5} -ne 13 -a ${scanstatus5} -ne 12
then
internal_error=1
fi
And also added the following around line 1215:
...
-o ${scanstatus5} -eq 12 \
...
I hope that's all that was needed. Let me know if I'm interpreting
this incorrectly.
BTW, thanks for such a great (and simple) program. It has already saved us
from many headaches. I want to also note that I have evaluated other
commercial Email gateway solutions for Linux (who shall remain nameless),
many of which would simply crash when receiving certain attachments.
Waiting for support on this software is ridiculous. At least with open
software I can try fixing the problems myself. Thanks again.
Viraj.
|
|
From: Viraj A. <val...@if...> - 2000-11-15 14:44:20
|
I noticed a strange thing with McAfee uvscan on Linux v4.10.0
By default it seems to be scanning the boot records of all drives,
contrary to what it says in the manual as this option defaulting to off.
When executing uvscan with all of the options that Amavis v0.2.1 is
sending, I was getting some cdrom seek errors in my messages file (don't
ask me why it's trying to scan a CDROM!):
Nov 15 09:23:28 mail kernel: hdc: packet command error: status=0x51 {
DriveReady SeekComplete Error }
Nov 15 09:23:28 mail kernel: hdc: packet command error: error=0x54
Nov 15 09:23:29 mail kernel: ATAPI device hdc:
Nov 15 09:23:29 mail kernel: Error: Illegal request -- (Sense key=0x05)
Nov 15 09:23:29 mail kernel: Invalid field in command packet --
(asc=0x24, ascq=0x00)
Nov 15 09:23:29 mail kernel: The failed "Start/Stop Unit" packet command
was:
Nov 15 09:23:29 mail kernel: "1b 00 00 00 03 00 00 00 00 00 00 00 "
Nov 15 09:23:29 mail kernel: cdrom: open failed.
By adding the --noboot option to uvscan, it stopped doing this. I changed
the corresponding line in scanmails to:
uvscan4_cmdl="--secure -rv --summary --noboot"
And everything seems ok now.
Viraj.
|
|
From: Viraj A. <val...@if...> - 2000-11-13 03:59:33
|
Hello, I'm using amavis-0.2.1 with McAfee 4.07 on Redhat 6.1. When attachments are extracted they always are owned by root. The 'chmod 700' in scanmails causes uvscan to fail scanning (it says it cannot see the directory). The userid of the scanmail process is the user who the mail is being delivered to, however the euid is root. When I change the 'chmod 700' to 'chmod 755' it works. Any help appreciated. Viraj. |
|
From: Juergen Q. <qu...@fh...> - 2000-11-11 08:45:16
|
> Hello!
>
> We have a problem with zipsecure, which is used by AMaVis V2.1. We have
> a self extracting archive - bob.exe. This archive contains the library
> "zlib.dll". If zipsecure comes to this file, it is getting into an
> endless loop while using a lot of CPU-time doing not much.
>
> If i compile zipsecure in debug-mode i get the following output:
> ># zipsecure < zlib.dll > /dev/null
> >Little Endian
> >Magic at offset 0x820e -
> >CentralDir: Offset=1944605008 (73e85150) - 1944605008 (73e85150)
> >changing "üÿÿf?ÀtfËÿ<E" to "y26335.0"
> >> here i have to break the execution....
>
> It seems that the program tries to rename a non existing file. I have
> made the following change in the function "LoadCentralDirEntry" as a
> quick workaround for our company:
> ># diff zipsecure.c.BAK zipsecure.c
> >281c281
> >< for( ToCopy=SWAPSHORT(Header->ExtraFieldLength); ToCopy; ToCopy-=i ) {
> >---
> >> for( ToCopy=SWAPSHORT(Header->ExtraFieldLength); ToCopy && ! feof(fpin); ToCopy-=i ) {
>
> Can someone bring this workaround into a well working patch for
> zipsecure V1.5?
The problem will be fixed in the outcoming V2.0.
Thanks a lot!!!
Juergen Quade.
>
> Thanx
>
> Alex Spannagel
>
> --
> * Alexander Spannagel * Networkadministrator *
> mailto:spa...@jo... *
> * Jobs & Adverts AG * www.jobpilot.de * www.jobpilot.com *
> * Europe's career market on the Internet *
> * Siemensstrasse 15-17 * D-61352 Bad Homburg * Germany
> * fon: + 49.6172.919-401 * fax: + 49.6172.919-540
> * Frankfurt * Zuerich * Wien * Paris * Goeteborg
> * Warschau * Barcelona * Prag * Mailand * London
> * Oslo * Amsterdam * Bruessel * Budapest * Kopenhagen
> * Bangkok * Singapur * Kuala Lumpur
|
|
From: Alexander S. <spa...@jo...> - 2000-11-08 19:19:44
|
Hello!
We have a problem with zipsecure, which is used by AMaVis V2.1. We have
a self extracting archive - bob.exe. This archive contains the library
"zlib.dll". If zipsecure comes to this file, it is getting into an
endless loop while using a lot of CPU-time doing not much.
If i compile zipsecure in debug-mode i get the following output:
># zipsecure < zlib.dll > /dev/null
>Little Endian
>Magic at offset 0x820e -
>CentralDir: Offset=1944605008 (73e85150) - 1944605008 (73e85150)
>changing "üÿÿf?ÀtfËÿ<E" to "y26335.0"
>> here i have to break the execution....
It seems that the program tries to rename a non existing file. I have
made the following change in the function "LoadCentralDirEntry" as a
quick workaround for our company:
># diff zipsecure.c.BAK zipsecure.c
>281c281
>< for( ToCopy=SWAPSHORT(Header->ExtraFieldLength); ToCopy; ToCopy-=i ) {
>---
>> for( ToCopy=SWAPSHORT(Header->ExtraFieldLength); ToCopy && ! feof(fpin); ToCopy-=i ) {
Can someone bring this workaround into a well working patch for
zipsecure V1.5?
Thanx
Alex Spannagel
--
* Alexander Spannagel * Networkadministrator *
mailto:spa...@jo... *
* Jobs & Adverts AG * www.jobpilot.de * www.jobpilot.com *
* Europe's career market on the Internet *
* Siemensstrasse 15-17 * D-61352 Bad Homburg * Germany
* fon: + 49.6172.919-401 * fax: + 49.6172.919-540
* Frankfurt * Zuerich * Wien * Paris * Goeteborg
* Warschau * Barcelona * Prag * Mailand * London
* Oslo * Amsterdam * Bruessel * Budapest * Kopenhagen
* Bangkok * Singapur * Kuala Lumpur
|
|
From: Peter H. <hue...@si...> - 2000-10-02 12:28:33
|
I have been using AMaViS for a week or so now, and a number of problems have cropped up. One is taht the smartlist mailinglist programm can't deliver mails any longer, I had to make the spool directories world writable to allow the mailing list program to deliver mails. Before that the spool directories belonged to root:root and it worked fine. Any idea what I may have wrong for that to appear? The other problem is the following and I remember reading something about it, but can't find it any more. I get the following message back from the mailer: ----- Transcript of session follows ----- 554 b.mair@ok-centrum... Cannot send 8-bit data to 7-bit destination 501 b.mair@ok-centrum... Data format error --SAA08601.969986446/eddie.ok-centrum.at Content-Type: message/delivery-status Any idea what I need to change for that. This is rather urgent. The mhonarc program worked fine too, but now I had to change the permissions for the webdirectory as not the user is the one who starts the programs but "daemon" seems to do it all now. Only when I give daemon the write to write in the directory does mhonarc deliver the works. I have noticed that ever since I use AMaViS mail does not seem to be delivered by the person who sends it, but by the daemon. Is that the way it is supposed to be? I seemt o have broken rather a lot after installing amavis and it is rather a pain. Please help, if you can! .peter |
|
From: Rainer L. <li...@su...> - 2000-10-01 15:55:46
|
Hi! The following two patches should fix the two issues * tnef 0.13 changed the help page, so the detection if the installed tnef is the one von Mark Simpsons fails. * tnef files are not handled at all. Copy configure.in.patch in the root directory of the AMaViS 0.2.1-pre3 source directory and scanmails.in.patch into src/scanmails/. Don't forget to call ./reconf from the root directory of the source tree for re-creating configure. If configure and/or make does not work correctly afterwards, please read BUGS. best regards, Rainer Link -- Rainer Link | SuSE - The Linux Experts li...@su... | Developer of A Mail Virus Scanner (amavis.org) www.suse.de | Founder Linux AntiVirus Project (lavp.sourceforge.net) |
|
From: Lars H. <lhe...@nm...> - 2000-08-02 18:33:44
|
===========================================================================
AMaViS Security Announcement
Date: 08/02/2000
affected version(s): all releases of AMaViS including amavis-perl
Vulnerability Type: amavis can lose parts of email messages
Priority: urgent
Solution: apply patch
Author: Lars Hecking <lhe...@nm...>
Advisory ID: ASA-2000-4
---------------------------------------------------------------------------
1. Problem description
In some configurations, e.g. relay type setups, scanmails/amavis is using
sendmail or other MTA's sendmail wrappers to reinject scanned emails back
into the mail system. If an email message contains a single dot on a line
by itself, the sendmail program/wrapper will truncate that message at the
dot, as amavis/scanmails fails to call sendmail with the "IgnoreDots" cmd
line option (-i).
2. Impact
Obvious. All parts of an email message after and including a solitary dot
are lost. This problem affects all setups where mail leaves amavis through
sendmail or a sendmail-compatible wrapper. In particular, all dual-postfix
setups as described in amavis-perl's README.postfix are affected.
3. Solution
3.1 amavis-perl
Locate the following code in the amavis-perl script
if ($LDA eq "$sendmail_wrapper") {
unshift(@LDAARGS, "-f");
} else {
@LDAARGS = ();
}
and change it to
if ($LDA eq "$sendmail_wrapper") {
unshift(@LDAARGS, "-f");
unshift(@LDAARGS, "-oi ");
} else {
@LDAARGS = ();
}
3.2 All non-perl versions of amavis
Apply the attached patch to the scanmails script. It should apply ok with
more or less fuzz.
4. Acknowledgement
I discovered this by accident after receiving a mail message on the
postfix-users mailing list which quoted more parts of another message
than I remembered getting. Rainer Link provided the patch for scanmails.
5. References
https://sourceforge.net/projects/amavis/
6. Revision History
08/02/2000: initial release
===========================================================================
|
|
From: Rainer L. <li...@su...> - 2000-07-29 17:45:37
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AMaViS Security Announcement
Date: 07/29/2000
affected version(s): AMaViS 0.2.1-pre1 if metamail is used
Vulnerability Type: AMaViS is configured with the wrong
switches for metamil / no mail splitting
no virus detection possible
Priority: urgent
Solution: checkout latest sources from CVS or download
at least configure.in from cvsweb.amavis.org
Author: Rainer Link <li...@su...>
Advisory ID: ASA-2000-3
- ---------------------------------------------------------------------------
1. Problem description
AMaViS 0.2.1-pre1 uses either metamail or reformime to split
an eMail message in its parts, which will be saved in
/var/tmp/scanmails<pid>/unpacked
Due to a stupid bug AMaViS will use the run-time switches for
reformime although metamail is used.
Here is a short explanation why this happens:
./configure will detect metamail, create config.cache and create
src/scanmails/scanmails correctly, this means metamail is used and
the correct run-time flags for metamail, too.
make calls ./configure --recheck, configure uses for speed reasons
the cached variables, but the check if metamail or reformime is used
fails now. Therefore src/scanmails/scanmails is created for use with
metamail *but* with the run-time flags for reformime.
2. Impact
As AMaViS (scanmails) uses the wrong run-time parameters, a mail is
not splitted and /var/tmp/scanmails<pid>/unpacked is *always*
empty. Therefore no virus will be detected at all.
3. Solution
Either checkout the latest sources from our CVS server at
http://sourceforge.net/projects/amavis/ or download at least
configure.in from http://cvsweb.amavis.org/. The direct
link is http://cvs.sourceforge.net/cgi-bin/cvsweb.cgi/~checkout~
/amavis/configure.in?rev=1.9&content-type=text/plain&cvsroot=amavis
If you download only configure.in, please do a ./reconf (it may
give you three warnings, but they can be ignored).
Remove config.cache, if this file does exits.
Then re-run ./configure with the configure options you need and do
a make && make install.
NOTE: After every update of either AMaViS or used virus scanner(s),
please test if everything works correctly be sending a mail with the
EICAR testfile virus, which can be found at
http://www.eicar.com/anti_virus_test_file.htm
4. Acknowledgment
I would like to thank Tilo Lutz who first reported to us that no virus
was discovered when metamail is used. As this was my bug, I
apologize for any inconveniences.
5. References
6. Revision History
07/29/2000: initial release
===========================================================================
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDjaUVwRBACPlluFzjLsjxV4ynz41Zk1S2GLF1/U3xE2HNcfk+a2Ij6sH64O
yPtBR9WX9x/QW3g9LnW86DHWgnh408D7jtd4/imJDyiNGqMregmkDjEWa6TIsXwB
RlG/DRpFbfwc4yRqQPklcgCIH/KlxgkJ1QTezpltRiQBfpWZKOrA1tLGGwCgw4/o
pU+RdnilbrDc6MZx7WQkzKED+QEUt4/++VyvPZjQCOmxFk4GpQZNP99D40eJFwyx
JkRGVl4f1wAgi0Q3NSSJyl1j9qGxz0c8DmR1F0yJtyg8+fqpKomtg+lHasvELom4
g0cGjnjtwx7sgtga4BIxUUpWTZLkMftWQigWgwWp3e5b6RCfHTUxuOUtgBBmjQB8
x04ABACNTYjjBcUKJYzp3Hx8wz39MVznYl8KXuXHIGY0ccbPmv3J6zjXvSr4++AZ
+U1qUSGJUyW0xpSWnsxHRI/qkiI5KPNbLYPFMbYjLHH2H5grjdnw7X71NAEW13Mv
0V9Fgs1mn93BkVn8V+U8vGPcgwTegcEWCe6V06HZD6Ep46W7drQnUmFpbmVyIEhl
cm1hbm4gTGluayA8UmFpbmVyTGlua0BnbXguZGU+iFYEExECABYFAjjaUVwECwoE
AwMVAwIDFgIBAheAAAoJEJsaBUwTtEB5iDoAoI+nE3VeD0gGtuaTHhLmKPA7rfmJ
AKCf+H996kGJ65ZmqWsTrV2iuyqniIkBIgQQAQEADAUCONuGTwUDAeEzgAAKCRCX
VPlSyTX7PUP3CACZG7hK9GMg7gL2pWs6ZEPC+ANUGh3KL5F/cYjngQJf+YABXvJ/
g8Up0voHooSq+lGQMxPZjK2sxLF/aOkmRW+r/uC1pxwbAOLgRRC/X33CVA+XhJ0r
UvYJGHUjDRoe690vWkxyDDCVGVlsD3+5w7Ljsq0hoiRFF+32HyJzHY1bcC3d+W5V
IPBze9bJvcDspJbCOXVc87d2tOfYR85mdOcsotNhAZJWtZvBkhj9xvxlu8BrAOUe
e+1ZbeMNlrDnmMGMYc2kF4gSbAHfmYR9Zepng60s5rWktEUzlJoUDRPKI2FmNT3E
K9dycZXhsdcDUnzAimm4MrvEn2pexSC2rE4NtCJSYWluZXIgSGVybWFubiBMaW5r
IDxsaW5rQHN1c2UuZGU+iFUEExECABYFAjlosj0ECwoEAwMVAwIDFgIBAheAAAoJ
EJsaBUwTtEB5yj0AniSu6k2wR6LF122b5aUVUwhXoHtlAJdMS/Gijbx8m4MI9thX
qXp5azRNtClSYWluZXIgSGVybWFubiBMaW5rIDxSYWluZXIuTGlua0BzdXNlLmRl
PohWBBMRAgAWBQI5aLJjBAsKBAMDFQMCAxYCAQIXgAAKCRCbGgVME7RAeWHEAJ45
eGd260EM04tUuIhh2fxI0RyhPwCfVU8nrwC7pbwj7Dsa07fvwE0soYW5Ag0EONpS
FBAIAJoCSZEyxdupx95EPn8XPGV7ugg+5BMIDTA6J30HD78RQQkDQCBMTDLCcMpz
uukxXByAUMUNpf8RlZEN9U582BjdPYNYRa4VP5QJbvpjC08YeWQs+sD3n0HT/ArL
FGlC+rSf1vJoaKI2ggTlRV1L04yEhCEH9zQDPKjFH4aIci2IghOJB/xZaRF69khN
IlifD8SglIQ9FcEhc5+sUIZdeu/+XVlgwgBc4XF7+W40PNZ4uXMhElbzGP5jqTdo
nFS+AlV/OsElQ+ma4atZicfVjRaVTxovAl91ZeVr5v7XGvpvh3rmtOyP/pVYf4ii
5Y6nu8OFXGo4Bsx3FqSZkQ2jh3cAAwUIAICCSuAuPCYaKYA168gNDZjsadQNhCpw
2o7zsKpSmQ6hxd4aRQ1TO631nNDx2D+/ffk7ET5VT3n4gezUn2ITZHdrTk1GUpLR
3czoMZIBL6Eit9mEmRe1XZ/3Q5lEUZHm8wEqqIZPPVhxZAFXDBucQlPO1lFKd8rM
UC+3+oU7RF9PpwzdQ+d/iMGmFMKXTH7o2qRV64cVMkWuMpMQARfA+i3YGPqqZfIb
dlMHXJ0oA32+eTUqOTtucD64XvcYSUQQ1tsHeijvrHq71zLfL6t1Dhwt+JDRMz3S
fDggxQs2oaB9Y+rxfbX7ajcHl0rc67sTTC+wDXIq+25FhnYPu+NV6kmIRgQYEQIA
BgUCONpSFAAKCRCbGgVME7RAeTYdAKCifLnHBBVPhcSRRffljCryGujZJQCfYcrQ
VrZ22GYrSJJn3sNjQKAHd3w=
=Fsd9
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5gxczmxoFTBO0QHkRAix/AJ9zkZtogMbgXrQfOHGj9MF/Ug4rhwCfa+cU
ZsYjC4CCJuyuwnjLkvPFLR8=
=8ZNt
-----END PGP SIGNATURE-----
--
Rainer Link, SuSE GmbH, eMail: li...@su..., Web: www.suse.de
Developer of A Mail Virus Scanner (AMaViS): http://amavis.org/
Founder of Linux AntiVirus Project: http://lavp.sourceforge.net/
|
|
From: Rainer L. <li...@su...> - 2000-07-27 15:31:34
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AMaViS Security Announcement
Date: 07/27/2000
affected version(s): AMaViS 0.2.0-pre6-clm-rl-8-04-07-2000 and later
if reformime below 1.01 is used
(AMaViS-Perl is NOT affected)
Vulnerability Type: attacker could pass virus through AMaViS /
Denial-of-Service attack against AMaViS
Priority: urgent
Solution: apply patch / update reformime
Author: Rainer Link <li...@su...>
Advisory ID: ASA-2000-2
- ---------------------------------------------------------------------------
1. Problem description
AMaViS uses reformime, part of the maildrop package, to split
eMail messages in its parts.
reformime version below 1.0 (tested with 0.76b) overwrite files
with the same file names.
reformime version 1.0 tries to avoid overwritting files but a bug
causes an endless loop.
2. Impact
reformime below 1.0: an attacker can create an eMail message with two
attachments with the same file name. The first file contains a virus,
the second one is clean. reformime overwrites the first one with the
second. Therefore no virus is detected and the mail will be delivered
to user(s).
reformime 1.0 tries to avoid clobbering of existing files but due
to a bug it will end up in an endless loop. This could be used as
a denial-of-service attack against AMaViS.
3. Solution
Apply the provided patch for reformime 1.0. Or update to maildrop 1.01,
which will be released soon according to the author.
Or if possible use AMaViS-Perl instead, which uses a Perl module for
MIME handling.
4. Acknowledgment
This bug was discovered by Rainer Link. We would like to thank Sam
Varshavchik, the author of maildrop, for providing a patch quickly.
5. References
reformime, part of the maildrop package, can be found at
http://www.flounder.net/~mrsam/maildrop/
6. Revision History
07/27/2000: initial release
===========================================================================
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDjaUVwRBACPlluFzjLsjxV4ynz41Zk1S2GLF1/U3xE2HNcfk+a2Ij6sH64O
yPtBR9WX9x/QW3g9LnW86DHWgnh408D7jtd4/imJDyiNGqMregmkDjEWa6TIsXwB
RlG/DRpFbfwc4yRqQPklcgCIH/KlxgkJ1QTezpltRiQBfpWZKOrA1tLGGwCgw4/o
pU+RdnilbrDc6MZx7WQkzKED+QEUt4/++VyvPZjQCOmxFk4GpQZNP99D40eJFwyx
JkRGVl4f1wAgi0Q3NSSJyl1j9qGxz0c8DmR1F0yJtyg8+fqpKomtg+lHasvELom4
g0cGjnjtwx7sgtga4BIxUUpWTZLkMftWQigWgwWp3e5b6RCfHTUxuOUtgBBmjQB8
x04ABACNTYjjBcUKJYzp3Hx8wz39MVznYl8KXuXHIGY0ccbPmv3J6zjXvSr4++AZ
+U1qUSGJUyW0xpSWnsxHRI/qkiI5KPNbLYPFMbYjLHH2H5grjdnw7X71NAEW13Mv
0V9Fgs1mn93BkVn8V+U8vGPcgwTegcEWCe6V06HZD6Ep46W7drQnUmFpbmVyIEhl
cm1hbm4gTGluayA8UmFpbmVyTGlua0BnbXguZGU+iFYEExECABYFAjjaUVwECwoE
AwMVAwIDFgIBAheAAAoJEJsaBUwTtEB5iDoAoI+nE3VeD0gGtuaTHhLmKPA7rfmJ
AKCf+H996kGJ65ZmqWsTrV2iuyqniIkBIgQQAQEADAUCONuGTwUDAeEzgAAKCRCX
VPlSyTX7PUP3CACZG7hK9GMg7gL2pWs6ZEPC+ANUGh3KL5F/cYjngQJf+YABXvJ/
g8Up0voHooSq+lGQMxPZjK2sxLF/aOkmRW+r/uC1pxwbAOLgRRC/X33CVA+XhJ0r
UvYJGHUjDRoe690vWkxyDDCVGVlsD3+5w7Ljsq0hoiRFF+32HyJzHY1bcC3d+W5V
IPBze9bJvcDspJbCOXVc87d2tOfYR85mdOcsotNhAZJWtZvBkhj9xvxlu8BrAOUe
e+1ZbeMNlrDnmMGMYc2kF4gSbAHfmYR9Zepng60s5rWktEUzlJoUDRPKI2FmNT3E
K9dycZXhsdcDUnzAimm4MrvEn2pexSC2rE4NtCJSYWluZXIgSGVybWFubiBMaW5r
IDxsaW5rQHN1c2UuZGU+iFUEExECABYFAjlosj0ECwoEAwMVAwIDFgIBAheAAAoJ
EJsaBUwTtEB5yj0AniSu6k2wR6LF122b5aUVUwhXoHtlAJdMS/Gijbx8m4MI9thX
qXp5azRNtClSYWluZXIgSGVybWFubiBMaW5rIDxSYWluZXIuTGlua0BzdXNlLmRl
PohWBBMRAgAWBQI5aLJjBAsKBAMDFQMCAxYCAQIXgAAKCRCbGgVME7RAeWHEAJ45
eGd260EM04tUuIhh2fxI0RyhPwCfVU8nrwC7pbwj7Dsa07fvwE0soYW5Ag0EONpS
FBAIAJoCSZEyxdupx95EPn8XPGV7ugg+5BMIDTA6J30HD78RQQkDQCBMTDLCcMpz
uukxXByAUMUNpf8RlZEN9U582BjdPYNYRa4VP5QJbvpjC08YeWQs+sD3n0HT/ArL
FGlC+rSf1vJoaKI2ggTlRV1L04yEhCEH9zQDPKjFH4aIci2IghOJB/xZaRF69khN
IlifD8SglIQ9FcEhc5+sUIZdeu/+XVlgwgBc4XF7+W40PNZ4uXMhElbzGP5jqTdo
nFS+AlV/OsElQ+ma4atZicfVjRaVTxovAl91ZeVr5v7XGvpvh3rmtOyP/pVYf4ii
5Y6nu8OFXGo4Bsx3FqSZkQ2jh3cAAwUIAICCSuAuPCYaKYA168gNDZjsadQNhCpw
2o7zsKpSmQ6hxd4aRQ1TO631nNDx2D+/ffk7ET5VT3n4gezUn2ITZHdrTk1GUpLR
3czoMZIBL6Eit9mEmRe1XZ/3Q5lEUZHm8wEqqIZPPVhxZAFXDBucQlPO1lFKd8rM
UC+3+oU7RF9PpwzdQ+d/iMGmFMKXTH7o2qRV64cVMkWuMpMQARfA+i3YGPqqZfIb
dlMHXJ0oA32+eTUqOTtucD64XvcYSUQQ1tsHeijvrHq71zLfL6t1Dhwt+JDRMz3S
fDggxQs2oaB9Y+rxfbX7ajcHl0rc67sTTC+wDXIq+25FhnYPu+NV6kmIRgQYEQIA
BgUCONpSFAAKCRCbGgVME7RAeTYdAKCifLnHBBVPhcSRRffljCryGujZJQCfYcrQ
VrZ22GYrSJJn3sNjQKAHd3w=
=Fsd9
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5gFSamxoFTBO0QHkRAgLyAKC1i59LIB07e5V9r+wIg9kR3Dp6aQCfR3Nb
p8/9+2qTYbOksmM+9uGIeuM=
=bpQK
-----END PGP SIGNATURE-----
--
Rainer Link, SuSE GmbH, eMail: li...@su..., Web: www.suse.de Developer
of A Mail Virus Scanner (AMaViS): http://amavis.org/ Founder of Linux
AntiVirus Project: http://lavp.sourceforge.net/
|
|
From: Rainer L. <li...@su...> - 2000-07-27 15:28:18
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
==========================================================================
AMaViS Security Announcement
Date: 07/27/2000
affected version(s): all AMaViS releases using metamail, in detail
all release versions up to 0.2.0-pre6
all release versions 0.2.0-pre6-clm up
to 0.2.0-pre6-clm-rl-8
all CVS version before
0.2.0-pre6-clm-rl-8-04-07-2000
(AMaViS-Perl is NOT affected)
Vulnerability Type: some eMail worms (i.e. KAKworm) may not be
detected
Priority: urgent
Solution: update to latest CVS version, install reformime
Author: Rainer Link <li...@su...>
Advisory ID: ASA-2000-1
- ---------------------------------------------------------------------------
1. Problem description
AMaViS uses metamail do split a eMail message in its parts, i.e. the mail
body and the attachment file(s).
The file(s) are written to the directory /var/tmp/scanmails<pid>/unpacked
by default.
As metamail is very old and as it seems not maintained anymore, it is not
able to handle MIME multipart/alternative messages. Such a message
contains a plain ASCII text body part and a HTML body part, which is
created e.g. by Netscape Messanger if "Message Formatting" is set to
"Send the message in plain text and HTML".
Therefore /var/tmp/scanmails<pid>/unpacked is empty and no known
virus/worm will be detected.
2. Impact
It is possible that a known virus/worm is not detected and an infected
eMail is delivered to the user. We got reports that this has happend
with the KAKworm.
3. Solution
Since AMaViS 0.2.0-pre6-clm-rl-8-04-07-2000 it is possible to use
reformime as a replacement for metamail. reformime comes within the
maildrop package. ./configure looks first for reformime, therefore if
it's installed, AMaViS will use it.
Or if pssible use AMaViS-Perl instead, which uses a Perl module for
MIME handling.
4. Acknowledgment
I would like to thank Craig Baird who first reported this problem to me
and helped to track it down.
5. References
metamail can be found at ftp://thumper.bellcore.com/pub/nsb/
reformime, part of the maildrop package, can be found at
http://www.flounder.net/~mrsam/maildrop/
To checkout the latest CVS version of AMaViS please visit
http://sourceforge.net/projects/amavis
6. Revision History
07/27/2000: initial release
============================================================================
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDjaUVwRBACPlluFzjLsjxV4ynz41Zk1S2GLF1/U3xE2HNcfk+a2Ij6sH64O
yPtBR9WX9x/QW3g9LnW86DHWgnh408D7jtd4/imJDyiNGqMregmkDjEWa6TIsXwB
RlG/DRpFbfwc4yRqQPklcgCIH/KlxgkJ1QTezpltRiQBfpWZKOrA1tLGGwCgw4/o
pU+RdnilbrDc6MZx7WQkzKED+QEUt4/++VyvPZjQCOmxFk4GpQZNP99D40eJFwyx
JkRGVl4f1wAgi0Q3NSSJyl1j9qGxz0c8DmR1F0yJtyg8+fqpKomtg+lHasvELom4
g0cGjnjtwx7sgtga4BIxUUpWTZLkMftWQigWgwWp3e5b6RCfHTUxuOUtgBBmjQB8
x04ABACNTYjjBcUKJYzp3Hx8wz39MVznYl8KXuXHIGY0ccbPmv3J6zjXvSr4++AZ
+U1qUSGJUyW0xpSWnsxHRI/qkiI5KPNbLYPFMbYjLHH2H5grjdnw7X71NAEW13Mv
0V9Fgs1mn93BkVn8V+U8vGPcgwTegcEWCe6V06HZD6Ep46W7drQnUmFpbmVyIEhl
cm1hbm4gTGluayA8UmFpbmVyTGlua0BnbXguZGU+iFYEExECABYFAjjaUVwECwoE
AwMVAwIDFgIBAheAAAoJEJsaBUwTtEB5iDoAoI+nE3VeD0gGtuaTHhLmKPA7rfmJ
AKCf+H996kGJ65ZmqWsTrV2iuyqniIkBIgQQAQEADAUCONuGTwUDAeEzgAAKCRCX
VPlSyTX7PUP3CACZG7hK9GMg7gL2pWs6ZEPC+ANUGh3KL5F/cYjngQJf+YABXvJ/
g8Up0voHooSq+lGQMxPZjK2sxLF/aOkmRW+r/uC1pxwbAOLgRRC/X33CVA+XhJ0r
UvYJGHUjDRoe690vWkxyDDCVGVlsD3+5w7Ljsq0hoiRFF+32HyJzHY1bcC3d+W5V
IPBze9bJvcDspJbCOXVc87d2tOfYR85mdOcsotNhAZJWtZvBkhj9xvxlu8BrAOUe
e+1ZbeMNlrDnmMGMYc2kF4gSbAHfmYR9Zepng60s5rWktEUzlJoUDRPKI2FmNT3E
K9dycZXhsdcDUnzAimm4MrvEn2pexSC2rE4NtCJSYWluZXIgSGVybWFubiBMaW5r
IDxsaW5rQHN1c2UuZGU+iFUEExECABYFAjlosj0ECwoEAwMVAwIDFgIBAheAAAoJ
EJsaBUwTtEB5yj0AniSu6k2wR6LF122b5aUVUwhXoHtlAJdMS/Gijbx8m4MI9thX
qXp5azRNtClSYWluZXIgSGVybWFubiBMaW5rIDxSYWluZXIuTGlua0BzdXNlLmRl
PohWBBMRAgAWBQI5aLJjBAsKBAMDFQMCAxYCAQIXgAAKCRCbGgVME7RAeWHEAJ45
eGd260EM04tUuIhh2fxI0RyhPwCfVU8nrwC7pbwj7Dsa07fvwE0soYW5Ag0EONpS
FBAIAJoCSZEyxdupx95EPn8XPGV7ugg+5BMIDTA6J30HD78RQQkDQCBMTDLCcMpz
uukxXByAUMUNpf8RlZEN9U582BjdPYNYRa4VP5QJbvpjC08YeWQs+sD3n0HT/ArL
FGlC+rSf1vJoaKI2ggTlRV1L04yEhCEH9zQDPKjFH4aIci2IghOJB/xZaRF69khN
IlifD8SglIQ9FcEhc5+sUIZdeu/+XVlgwgBc4XF7+W40PNZ4uXMhElbzGP5jqTdo
nFS+AlV/OsElQ+ma4atZicfVjRaVTxovAl91ZeVr5v7XGvpvh3rmtOyP/pVYf4ii
5Y6nu8OFXGo4Bsx3FqSZkQ2jh3cAAwUIAICCSuAuPCYaKYA168gNDZjsadQNhCpw
2o7zsKpSmQ6hxd4aRQ1TO631nNDx2D+/ffk7ET5VT3n4gezUn2ITZHdrTk1GUpLR
3czoMZIBL6Eit9mEmRe1XZ/3Q5lEUZHm8wEqqIZPPVhxZAFXDBucQlPO1lFKd8rM
UC+3+oU7RF9PpwzdQ+d/iMGmFMKXTH7o2qRV64cVMkWuMpMQARfA+i3YGPqqZfIb
dlMHXJ0oA32+eTUqOTtucD64XvcYSUQQ1tsHeijvrHq71zLfL6t1Dhwt+JDRMz3S
fDggxQs2oaB9Y+rxfbX7ajcHl0rc67sTTC+wDXIq+25FhnYPu+NV6kmIRgQYEQIA
BgUCONpSFAAKCRCbGgVME7RAeTYdAKCifLnHBBVPhcSRRffljCryGujZJQCfYcrQ
VrZ22GYrSJJn3sNjQKAHd3w=
=Fsd9
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5gFSNmxoFTBO0QHkRAs09AKCQSuoyNUI7ysM0FgpYQX2bCptQJACgs/CW
VBx1/pSZY0+ITGUDnmJ0p1A=
=0wBK
-----END PGP SIGNATURE-----
--
Rainer Link, SuSE GmbH, eMail: li...@su..., Web: www.suse.de
Developer of A Mail Virus Scanner (AMaViS): http://amavis.org/
Founder of Linux AntiVirus Project: http://lavp.sourceforge.net/
|