As this is first time ClamAV has had an external dependency, would it be worth making it an opt-out configure option for people who can't get it to compile or who have to rely on an older/incompatible version of OpenSSL? Mark