Update (daily: 123)

ClamAV database updated (2004.02.05 21:52 GMT): daily.cvd, viruses.db2
Version: 123

Submission: 791-web
Sender: Matthias Meyser
Virus: Worm/Sober
Added: No - Submission contained an empty file (0 byte).

Submission: 903-web
Sender: Tosing
Virus: BAT_INA.A
Alias: BAT/Jerm (RAV), BAT.Generic.74 (DrWeb),
mirc/generic (McAfee), Worm/Ina.4 (AntiVir),
BAT/Eris.B (F-Prot),I-Worm.Baatezu (KAV)
Added: Worm.Baatezu

Submission: 905-web, 906-web, 907-web
Sender: Andrey Malyshev
Virus: false Worm.Gibe.F
Added: no
Note: The signature matches against the mail itself, it wont cause any
false alerts and recognize the mail sent by Gibe.F - even if the
binary was removed or broken.

Submission: 914-web, 924-web
Sender: Oguz Yilmaz, Ales Casar
Virus: Joke.Scroll-A
Added: Joke.Scroll.A

Submission: 918-web
Sender: Oguz Yilmaz
Virus: W32.Yaha-J
Alias: W32/Lentin.J@mm (F-Prot),Worm/Yaha.J2 (AntiVir),
Win32/Yaha.J@mm (RAV), I-Worm.Lentin.h (KAV),
Win32.HLLM.Yaha.64100 (DrWeb)
Added: Worm.Yaha.J

Submission: 923-web
Sender: Oguz Yilmaz
Virus: Troj.Deltree-Q
Alias: Trojan.Win32.DelWin.j (KAV), del-340 (McAfee), Win32/Deltree.J (RAV)
Added: Trojan.W32.DelWin.J

Submission: 943-web, 953-web
Sender: Clive ZHU
Virus: W32.HLLW.Lovgate.B@mm
Alias: Win32.HLLM.Lovgate.1 (Dr.Web), I-Worm.LovGate.a (KAV),
Win32/Lovgate.B@mm (RAV), Worm/Lovgate.A.1 (AntiVir), W32/VMEWorm.A (F-Prot)
Added: Worm.LovGate.A, Worm.LovGate.A-dll

Submission: 944-web
Sender: Clive ZHU
Virus: Backdoor.IRC.Cirebot
Alias: IRC/SdBot (RAV), BackDoor.IRC.Sdbot.based (DrWeb),
Backdoor.IRCBot.gen (KAV), w32/lolol.worm.gen (McAfee)
Added: Trojan.IRCBot.gen

Submission: 954-web
Sender: Chris Fletcher
Virus: Win32.KWbot.P
Alias: BackDoor.IRC.Sdbot.based  (DrWeb), Backdoor.SdBot.gen (KAV),
Backdoor:IRC/SdBot (RAV)
Added: Trojan.SdBot.gen

Submission: 960-web
Sender: Tomasz Formanowski
Virus: Various
Added: no
Note: The archiv contains 9 Samples of SCO.A, Swen and
Dumaru.j. Clam wasn´t able to detect them because 
they are encrypted with 'CryptFF'. I wasn´t able to 
find something about this encryption, but i guess it´s
something an av-vendor uses for quarantined files 
to avoid a detection. (Norton and Eset do this afaik).

Submission: 984-web
Sender: Hayley Edelmann
Virus: n/a
Note: I informed the sender about the cause of the "false detection".
The submitted file was not infected and did not cause any alert by
clam.

Submission: 990-web
Sender: Alexander Beyn
Virus: unknown
Added: W32.FuBu
Note: I couldn´t find a scanner that is able to detect it. The
file was examined and is a virus, i decided to name it W32.FuBu for
now, could be changed later.

Submission: n/a
Sender: Christoph
Virus: Various
Added:
VirTool.Bat.BTG.03
W16.Gollum
DoS.Fedup.20
Trojan.Katien.A
Worm.Hotlix
Trojan.PSW.KeyLogger.10
Trojan.W32.Makecall.A
Trojan.W32.Fakeyah.A

-- 
Best regards,
 Christoph Cordes                   mailto:ib@xxxxxxxxxxxxxx



-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn