diff --git a/clamav-0.95.2.tar.bz2 b/clamav-0.95.2.tar.bz2 deleted file mode 100644 index 54b8233..0000000 --- a/clamav-0.95.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0466f1f65a4a477dba387bdc64736a00167ebcc64f87f5901c9c62959707c90e -size 24979140 diff --git a/clamav-0.95.3.tar.bz2 b/clamav-0.95.3.tar.bz2 new file mode 100644 index 0000000..773ba01 --- /dev/null +++ b/clamav-0.95.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2c089f2ea6debb74cc6eefca1e96c77ba23f94e5f3e7ad6b7940ede3fc17e489 +size 26756338 diff --git a/clamav-valgrind.patch b/clamav-valgrind.patch deleted file mode 100644 index b57a112..0000000 --- a/clamav-valgrind.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- unit_tests/valgrind.supp -+++ unit_tests/valgrind.supp -@@ -335,6 +335,12 @@ - Helgrind:Race - fun:recvloop_th - } -+{ -+ glibc-iconv_open -+ Memcheck:Addr4 -+ obj:/lib*/ld-2.8.90.so -+} -+ - #{ - # helgrind-glibc27-dbg18 - # Helgrind:Race diff --git a/clamav.changes b/clamav.changes index 8789506..d94fbc5 100644 --- a/clamav.changes +++ b/clamav.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Thu Oct 29 11:32:57 CET 2009 - max@suse.de + +- Bugfix release 0.95.3 (bnc#550929) +- Changes include: + * Fix various error path leaks. + * Drop hardcoded offset limits for embedded objects. + * Fix matching of logical sigs. + * Fix handling of broken .ldb sigs. + * Improve handling of PDF files. + * Work around possible race condition during db updates. + * Fix detection of encrypted zip files embedded into other files. + * Properly handle clamd disconnection in clamav-milter. + ------------------------------------------------------------------- Wed Jun 17 12:27:48 CEST 2009 - max@suse.de diff --git a/clamav.spec b/clamav.spec index be6f423..e47f6a5 100644 --- a/clamav.spec +++ b/clamav.spec 
@@ -1,5 +1,5 @@ # -# spec file for package clamav (Version 0.95.2) +# spec file for package clamav (Version 0.95.3) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -30,7 +30,7 @@ BuildRequires: check-devel pwdutils %define clamav_check --disable-check %endif Summary: Antivirus Toolkit -Version: 0.95.2 +Version: 0.95.3 Release: 1 License: GPL v2 only Group: Productivity/Security @@ -48,7 +48,6 @@ Source4: clamav-rpmlintrc Source5: clamav-rcmilter Patch1: clamav-conf.patch Patch2: clamav-sles9.patch -Patch3: clamav-valgrind.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -97,7 +96,7 @@ Authors: Nigel Horne %package db -License: BSD 3-Clause; GPL v2 or later; LGPL v2.1 or later; Public Domain, Freeware; X11/MIT +License: BSD 3-clause (or similar) ; GPL v2 or later ; LGPL v2.1 or later ; Public Domain, Freeware ; MIT License (or similar) Group: Productivity/Security Summary: Virus Database for ClamAV PreReq: clamav sed /bin/cp /usr/bin/awk /bin/rm @@ -121,7 +120,6 @@ Authors: # SLES9's libmilter doesn't have smfi_insheader() %patch2 %endif -%patch3 %build %if 0%{?suse_version} >= 1010 
@@ -294,345 +292,3 @@ for f in main daily; do done %changelog -* Wed Jun 17 2009 max@suse.de -- clamav-sles9.patch: smfi_insheader() doesn't exist in libmilter - on SLES9, so we revert a recent change that introduced its - usage to improve the handling of DomainKeys Identified Mail. -* Mon Jun 15 2009 max@suse.de -- Security release: 0.95.2 (bnc#511963). -* Tue Apr 14 2009 max@suse.de -- Security release: 0.95.1 (bnc#493562) -* Mon Apr 06 2009 max@suse.de -- Version 0.95 also fixes two security issues: - bnc#491935 and bnc#491938. -- Removed unneeded tcpd build dependency. -- Removed obsolete configure switches. -- ncurses-devel is needed for building clamtop. -- Patched clamav-milter up to the latest upstream version to fix - the non-detection of virus code outside of attachments. - (bnc#445137) -- Improved rcclamd to print a more instructive message when the - virus database files are missing. -* Tue Mar 24 2009 max@suse.de -- New version 0.95 (bnc#488317): - * clamav-milter got rewritten. Standalone mode got dropped and - using multiple instances of clamd in parallel got added for - load sharing and fail-safety. The command lin - * Changes to the libclamav API will make future changes less - likely, but require adjustment of applications linking to - libclamav. - * Numerous other bug fixes and improvements. - * libGMP is no longer needed. -- Drop support for versions older than 9.1/SLES9. -- Improve init script of clamav-milter (bnc#445137). -* Mon Dec 01 2008 max@suse.de -- New version 0.94.2 fixes recursion limits in JPEG scanning code - (bnc#450207). -* Tue Nov 11 2008 max@suse.de -- Version 0.94.1 also fixes bnc#443311. -- Disabled valgrind tests again, as they show false positives with - current glibc. -* Fri Nov 07 2008 max@suse.de -- New bugfix release: 0.94.1: - * daily.ign was overwriting local.ign - * vba_extract.c: get_unicode_name off-by-one - * Don't execute special events twice in interactive mode - * Fix leak on rare error path in clamd/scanner.c. 
- * Fix URL parsing in phishing checks. - * Improve the javascript scanner. - * Fixes to bzip2 uncompression. - * Properly close descriptors before forking in clamav-milter. - * enable ScanPDF by default - * Testsuite improvements - * Many more minor bug fixes. -- Fix pid file format of clamav-milter. -- Improve clamav-milter configuration and init script (bnc#347684). -- Suppressing valgrind error on iconv_open. -* Mon Sep 29 2008 max@suse.de -- Limit valgrind to i586 and x86_64. -* Wed Sep 03 2008 max@suse.de -- Added check-devel and valgrind to BuildRequires for 10.3 and - newer to support the new unit testing feature. This does not - add new runtime dependencies. -- New version: 0.94: - * fix out-of-memory null dereferenc (bb#1141) - * fix possible invalid memory access (bb#1089) - * fix error path memleaks and fd leaks (bb#1141) - * Logical Signatures: The logical signature technology uses - operators such as AND, OR and NOT to allow the combination - of more than one signature into one entry in the signature - database resulting in more detailed and flexible pattern - matching. - * Anti-phishing Technology: Users can now change the priority - and reporting of ClamAV's heuristic anti-phishing scanner - within the detection engine process. - * Disassembly Engine: The initial version of the disassembly - engine improves ClamAV's detection abilities. - * PUA Detection: Users can now decide which PUA signatures - should be loaded - * Data Loss Prevention (DLP): This version includes a new - module that, when enabled, scans data for the inclusion of - US formated Social Security Numbers and credit card numbers. - * IPv6 Support: Freshclam now supports IPv6 - * Improved Scanning of Scripts: The normalization of scripts - now covers JavaScript - * Improved QA and Unit Testing: The improved QA process now - includes API testing and new library of test files in - various formats that are tested on a wide variety of systems. 
-* Tue Jul 08 2008 max@suse.de -- New version 0.93.3 (bnc#406994): - * make sigtool compatible with the new OLE2 scan scheme (bb#1086) - * add missing checks for recv() failures (bb#1079) - * add missing check for file open failure (bb #1083). - * fix handling of nodes which also match single bytes (bb#1054) - * libclamav: faster loading of uncompressed .cld files, also - fixes bb#1064 - * freshclam/manager.c: add missing closesocket on error path - (bb #1073). -* Mon Jun 16 2008 max@suse.de -- Security update 0.93.1 (bnc#399302, CVE-2008-2713) -- Improved clamav-milter configuration and init script (bnc#382907) -* Fri Apr 18 2008 max@suse.de -- Convert the database to the new format instead of running - freshclam to re-fetch it (bnc#380787). -- Added main.cld and daily.cld as %%ghost -- Refined the logic in %%post of clamav-db as to when the dist - files need to get copied over. -* Tue Apr 15 2008 max@suse.de -- Security update 0.93 (bnc#350987, bnc#368963). -- CVE-2007-6595: symlink attack on temporary files -- CVE-2007-6596: recognize Base64 UUEncoded archives -- CVE-2008-1100: Buffer overflow in the cli_scanpe function. -- Remove bogus dependencies from libclamav.pc (bnc#196236) -- Run freshclam on update before restarting clamd to convert the - database into the new format. -* Wed Feb 13 2008 max@suse.de -- Security update 0.92.1: (bnc#361374) - * CVE-2008-0318: libclamav PE File Integer Overflow Vulnerability - * CVE-2008-0728: heap corruption -* Tue Jan 15 2008 aj@suse.de -- Fix open call to build again. -* Fri Dec 14 2007 max@suse.de -- Security update 0.92 (#343277): - * CVE-2007-6335 - MEW PE File Integer Overflow - * CVE-2007-6336 - Off-by-one error in LZX_READ_HUFFSYM() - * CVE-2007-6337 - bzlib issue -- Make clamd error out if /dev/null can't be opened (#300019). -* Mon Nov 05 2007 max@suse.de -- Added sendmail and sendmail-devel to BuildRequires. -- Enabled clamav-milter and added an init script for it. 
- (fate#302362) -* Tue Aug 21 2007 max@suse.de -- Bugfix update 0.91.2. -- Fixes some NULL dereferences and variable initialisation problems -- Fix some rpmlint warnings in init scripts. -* Thu Aug 09 2007 max@suse.de -- Inform the user that to use Clamuko, clamd needs to run as root, - so that it can read the files it needs to scan (#201730). -* Tue Jul 17 2007 max@suse.de -- Stability and bugfix update: 0.91.1 (#292297) -- Run ldconfig on (un)installation. -- Make %%check conditional to fix building on SLES8. -* Sun Jul 15 2007 lrupp@suse.de -- add zlib-devel to build requires -- suppress some false positives from rpmlint -- added %%check section and remove unneeded INSTALL file from %%doc -* Wed Jul 11 2007 max@suse.de -- Update to version 0.91 (#289830) -- improved handling of .mdb files (fixes long startup times) -- Adds anti-phishing support -- unpacker for NSIS (Nullsoft Scriptable Install System) - self-extracting archives -- unpacker for ASPack 2.12 -- new implementation of the Aho-Corasick pattern matcher providing - better detection for wildcard enabled signatures -- support for nibble matching and floating offsets -- extraction of PE files embedded into other executables -- better handling of PE & UPX -- removed dependency on libcurl (improves stability) -- many other improvements and bugfixes -* Thu May 31 2007 max@suse.de -- Security update: 0.90.3 (#279536) -- libclamav/unsp.c: fix end of buffer calculation (bb#464) -- libclamav/others.c: use strict permissions (0600) for temporary files - created in cli_gentempstream() (bb#517). 
-- libclamav/unrar/unrar.c: heap corruption causing DoS with corrupted - rar archive, better handle truncated files -- libclamav/phishcheck.c: isURL() regex execution hangs on Solaris -- libclamav/ole2_extract.c: detect block list loop (bb#466) -* Fri Apr 13 2007 max@suse.de -- Security update: 0.90.2 (#264189) -- CVE-2007-1997: CAB File Unstore Buffer Overflow Vulnerability -- CVE-2007-1745: file descriptor leak in CHM handler -- File descriptor leaks in libclamav/pdf.c and libclamav/lockdb.c -* Mon Mar 05 2007 max@suse.de -- Extended the database presence check in rcclamd to accept the - main.inc directory in addition to the main.cvd file, because - freshclam can delete the file during a scripted update. -* Fri Mar 02 2007 max@suse.de -- Update to version 0.90.1 (#250566) -- Some bug fixes and code improvements -- Bumps the version of libclamav's soname, which should have been - done in 0.90 already. -* Tue Feb 20 2007 max@suse.de -- Update to version 0.90 (#246214) to fix two Vulnerabilities: - - CAB File Denial of Service (CVE-2007-0897) - - MIME Parsing Directory Traversal (CVE-2007-0898) -- Other changes of 0.90 include: - - Changed config file syntax (automatic conversion is done by the - RPM on update) - - New unpacker for RAR3, RAR2 and RAR1 - - Rewritten unpackers for Zip and CAB files - - Support for RAR-SFX, Zip-SFX and CAB-SFX archives - - New PE parsing model - - Support for PE32+ (64-bit) executables - - Support for MD5 signatures based on PE sections (.mdb) - - ELF file parser - - Support for Sensory Networks' NodalCore hardware acceleration - technology - - Algorithmic detection can be controlled with CL_SCAN_ALGORITHMIC - - Support for new obfuscators: SUE, Y0da Cryptor, CryptFF - - Support for new packers: NsPack, wwpack32, MEW, Upack - - Support for SIS files (SymbianOS packages) - - Support for PDF and RTF files - - TCP and local sockets can be operated simultaneously - - New command: MULTISCAN (scan directory with multiple threads) -- There 
where also some API/ABI changes which might affect packages - that link against libclamav. Affected functions are: cl_loaddb, - cl_loaddir and cl_scanbuff. -- Cleaned up daemonizing of clamd and freshclam. -* Tue Dec 12 2006 max@suse.de -- Security update: 0.88.7 (#227827, CVE-2006-5874) - - handle consecutive errors in base64 decoding - - honour recursion limit when scanning email messages - - clamscan: new option --mail-max-recursion - - libclamav/untar.c: honour archive limits -* Tue Nov 07 2006 max@suse.de -- Add homedir of user vscan to the package (FATE300731). -* Mon Nov 06 2006 max@suse.de -- Bugfix release: 0.88.6 (#218313) -- freshclam: apply timeout patch from Everton da Silva Marques - (new options: ConnectTimeout and ReceiveTimeout) -- clamd: change stack size at the right place (closes bug#103) -- libclamav/petite.c: sanity check the number of rebuilt sections - (speeds up handling of malformed files) -* Tue Oct 17 2006 max@suse.de -- Bugfix release 0.88.5 fixes two serious security issues. - [#212898], CVE-2006-4182, CVE-2006-5295 -* Tue Aug 08 2006 lnussel@suse.de -- New version 0.88.4 fixes heap overflow in UPX decoder -* Thu Jul 06 2006 max@suse.de -- Bugfix release 0.88.3: - - fix possible false matches of alternatives - - Large binhex files were not being handled gracefully. - - fix zero allocation warning -- Added bc and pkgconfig to BuildRequires to fix curl version - detection. -- Prevent a file conflict on the database files when main and db - packages of different versions are installed. -- Renamed clamav.conf to clamd.conf for SLES9. -- Added the db subpackage to SLES9. -- Bugzilla: 190647 -* Tue May 02 2006 max@suse.de -- New version: 0.88.2 -- Fixes a buffer overflow in freshclam's get_database function - (CVE-2006-1989, Bug #171496). -* Mon Apr 10 2006 meissner@suse.de -- Fixed several implicit warnings which lead to failures - on 64bit platforms. 
-* Wed Apr 05 2006 max@suse.de -- New version: 0.88.1, fixes several security issues: - CVE-2006-1614, CVE-2006-1615, CVE-2006-1630, bug #164039. -* Thu Feb 09 2006 max@suse.de -- Removed unneeded dependencies from the init script to break a - dependency loop. -* Wed Jan 25 2006 mls@suse.de -- converted neededforbuild to BuildRequires -* Sat Jan 14 2006 kukuk@suse.de -- Add gmp-devel to nfb -* Thu Jan 12 2006 max@suse.de -- Added gcc-4.1 stack protection (-fstack-protector). -* Mon Jan 09 2006 max@suse.de -- New version: 0.88 (Bug #142298). -* Mon Nov 07 2005 lnussel@suse.de -- Security update: version 0.87.1 (#132305, CVE-2005-3239, - CVE-2005-3303) -* Mon Sep 19 2005 max@suse.de -- New version: 0.87 (bug #117648). -* Mon Jul 25 2005 max@suse.de -- New version: 0.86.2 -* Thu Jul 14 2005 max@suse.de -- New version: 0.86.1 -* Tue Jun 21 2005 max@suse.de -- New version: 0.86 -* Tue May 17 2005 max@suse.de -- New version: 0.85.1 (Bug #81264). -* Wed May 11 2005 max@suse.de -- New version: 0.85 (Bug #81264). -* Tue May 03 2005 max@suse.de -- New version: 0.84 (Bug #81264). -- Added and special-cased the patch that is needed for 9.1/SLES9. -* Fri Mar 11 2005 max@suse.de -- Fixed %%doc file list (wildcards matched too much). -* Mon Feb 28 2005 max@suse.de -- New version: 0.83 -* Mon Feb 07 2005 max@suse.de -- New version: 0.82 -* Thu Jan 27 2005 max@suse.de -- New version: 0.81 -* Thu Nov 11 2004 max@suse.de -- pkgconfig files go to libdir rather than /usr/lib. -* Thu Nov 11 2004 coolo@suse.de -- fixing file list for debug packages -* Wed Nov 03 2004 max@suse.de -- Fixed path to freshclam in init script, and rcfreshclam link. -* Mon Oct 18 2004 max@suse.de -- Updated to the final 0.80 release. -- Added a runlevel script for freshclam. -* Mon Oct 11 2004 max@suse.de -- Updated to 0.80rc4. -* Wed Sep 29 2004 max@suse.de -- Updated to 0.80rc3. 
The README says: - "This release candidate eliminates possible false positive alerts - in UPX/FSG compressed files and clarifies behaviour of default - actions in clamd and freshclam." -- This also eliminates the need to patch configure.in in order to - recognize resolv. -* Thu Sep 23 2004 max@suse.de -- Updated to 0.80rc2 which fixes a critical bug in the handling of - empty lines in text/plain emails. -- Build with curl support. -- Fixed building of shared libraries instead of static. -- Removed unneeded %%run_ldconfig calls. -- Fixed file lists. -- Check for main.cvd instead of daily.cvd on daemon startup. -* Mon Sep 20 2004 max@suse.de -- Updated to version 0.80rc which adds support for more file - formats, and HTML parsing. See the README file for details. -- Added a warning to the init script if no virus database is - installed. -* Thu Aug 05 2004 max@suse.de -- New version: 0.75.1 -- Moved the virus database files into a subpackage, as they are - large and not needed if the database is kept up to date with - freshclam. -* Fri Jul 23 2004 max@suse.de -- New version: 0.75 -* Thu Jul 08 2004 max@suse.de -- Added -fno-strict-aliasing to CFLAGS. -* Mon Jul 05 2004 max@suse.de -- New version: 0.74 -* Tue Jun 15 2004 max@suse.de -- New version: 0.73 -* Mon Apr 26 2004 max@suse.de -- New version: 0.70 -- Changes the format of the virus definition file. -* Mon Feb 16 2004 max@suse.de -- New version: 0.67 -- Added support for tcpd (/etc/hosts.{allow,deny}). -- Obsoletes clamav-manager.patch. -* Fri Feb 13 2004 max@suse.de -- New version: 0.66 -- Fixes a remote DoS vulnerability (Bug #34412). -* Tue Jan 27 2004 max@suse.de -- New package: ClamAV Anti-Virus Toolkit
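Review bot: The clamav-0.95.3.tar.bz2 pointer (new file, @@ -0,0 +1,3 @@) identifies the new source archive only by its sha256 oid and size, and no line in this diff adds a detached signature or an upstream checksum as a Source entry in clamav.spec. The LFS oid shows that the file matches what was committed, not that it matches the upstream release. Please state in the submission how the tarball was obtained and verified, or add the upstream signature as an additional source so the check can be repeated.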
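Review bot: The new 0.95.3 entry in clamav.changes (@@ -1,3 +1,17 @@) lists only upstream changes and omits the packaging change made in the same commit: clamav-valgrind.patch is deleted, and `Patch3: clamav-valgrind.patch` and `%patch3` are dropped from clamav.spec. Add a line such as "- Removed clamav-valgrind.patch" together with the reason, so that the removal of the glibc-iconv_open suppression from unit_tests/valgrind.supp can be traced later.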
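Review bot: The License tag of `%package db` in the clamav.spec hunk @@ -97,7 +96,7 @@ is reworded as part of a version bump without any mention in clamav.changes, and the new wording is less precise: `BSD 3-Clause` becomes `BSD 3-clause (or similar)` and `X11/MIT` becomes `MIT License (or similar)`. Nothing in this diff indicates that the licensing of the database subpackage changed with 0.95.3. If the rewording comes from an automated formatter, say so in the changelog; otherwise keep the exact license names.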
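Review bot: The clamav.spec hunk @@ -294,345 +292,3 @@ deletes every entry under `%changelog`, which removes the in-spec record of each security release with its CVE and bnc references (for example the 0.93, 0.92.1 and 0.92 entries). The clamav.changes hunk shows only the new 0.95.3 entry and the header of the Jun 17 2009 entry, so it is not visible here whether the older history is preserved there. Please confirm that clamav.changes carries the full history and that the changelog of the built package is generated from it; otherwise `rpm -q --changelog` will no longer show which CVE fixes a given build contains.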