Update (main: 24, daily: 398)

ClamAV database updated (2004.07.08 00:08 GMT): main.cvd, viruses.db
main.cvd version: 24; nr of signatures: 21793

ClamAV database updated (2004.07.08 00:34 GMT): daily.cvd, viruses.db2
daily.cvd version: 398; nr of signatures: 758

Signatures total: 22551

Submission: 2409-web, 2446-web
Sender: Gary Kobs, Hokan
Virus: false WM.Alliance.J
Added: n/a. False WM.Alliance.J signature removed.
Note: The samples were infected and improperly cleaned, thus matched.

Submission: 2693-web, 4188-web
Sender: Jason Haar, Gary Sullivan
Virus: false Exploit.DCOM.Gen
Added: n/a. The Exploit.DCOM.Gen signature moved to daily.cvd for further 
analysis.
Note: The sample is a tool for detecting systems unpatched against that DCOM 
vulnerability, thus it can match the signature.

Submission: 2479-web, 3155-web, 3901-web, 4059-web
Sender: Davide Diana, osele, Yasha Davidov, Stefan Kaltenbrunner
Virus: false W95.Elkern
Added: n/a. False W95.Elkern signature removed.
Note: W95.Elkern signature will be corrected but CVS version will be required.

Submission: 3151-web
Sender: Madrid
Virus: W32.Netsky.Z@mm
Note: Broken sample of Worm.SomeFool.Z. Signature updated to detect this 
damaged variant.
Added: Worm.SomeFool.Z
Note: Signature by Diego d'Ambra.

Submission: 3153-web
Sender: riccardo
Virus: false Trojan.URLspoof.gen
Added: n/a. Nothing detected by ClamAV, so not false.

Submission: 3154-web, 4064-web
Sender: Stefan Ring, Stefan Kaltenbrunner
Virus: false VirTool.DOS.Sfc
Added: n/a. False VirTool.DOS.Sfc signature removed, a corrected one added.
Alias: VirTools.SFC (Bitdefender)
Added: VirTool.DOS.Sfc

Submission: 3193-web, 3194-web
Sender: Richard Smith, Bjorn Mattsson
Virus: false Worm.Wallon.A-html
Added: n/a. The message contains a fragment of real worm HTML code.

Submission: 3526-web
Sender: Kestutis Snieska
Virus: false VBS.SSIWG
Added: n/a. As you wrote, not false, just other name in other scanner.

Submission: 3671-web
Sender: Reinin Oyama
Virus: false W32.Donut
Added: n/a. False W32.Donut signature removed. Good one was added in daily 337.

Submission: n/a
Sender: n/a
Virus: Goblin.1759
Added: n/a. Goblin.1759 signature improved to match variants.

Submission: 3830-web
Sender: Jon Suen
Virus: false W32.Magistr.A
Added: n/a. False W32.Magistr.A signature removed.

Submission: 3878-web
Sender: Pete Barnwell
Virus: false W32.CIH.1003
Added: n/a. The file contains virus code. Maybe improperly cleaned.

Submission: 3882-web
Sender: Sylvain Berge
Virus: false W32.A-Trojan
Added: n/a. False W32.A-Trojan signature removed.

Submission: 4020-web
Sender: Richard Narron
Virus: false Irish
Added: n/a. False Irish signature removed.

Submission: 4063-web
Sender: Stefan Kaltenbrunner
Virus: false Troj.WCrash
Added: n/a. Troj.WCrash signature temporarily moved to daily.cvd for further 
analysis.

Submission: 4087-web
Sender: Dan Dunham
Virus: false Joke.MoveMouse
Added: n/a. False Joke.MoveMouse signature removed.

Submission: 4105-web
Sender: Lee
Virus: false Possessed (damag.)
Added: n/a. False Possessed (damag.) signature removed.

Submission: 4125-web
Sender: Jason Crossley
Virus: false Trojan.SdBot.Gen-62
Added: n/a. False Trojan.SdBot.Gen-62 signature replaced with a corrected one.
Added: Trojan.SdBot.Gen-62

Submission: 4128-web
Sender: Jiri Demel
Virus: false Trojan.Annihilation
Added: n/a. False Trojan.Annihilation signature removed.

Submission: 4152-web
Sender: Peter Eriksson
Virus: false Trojan.Dropper.W32.Joiner.N
Added: n/a. False Trojan.Dropper.W32.Joiner.N signature removed.

Submission: 4154-web
Sender: Pawel Pesz
Virus: I-Worm.Bagle.z (Kaspersky)
Added: No. VBS.Bagle.AD.1 found.

Submission: 4173-web, 4196-web
Sender: Kevin Lacroix, James Farmer
Virus: false Trojan.Downloader.Small.GF
Added: n/a. False Trojan.Downloader.Small.GF removed.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 tomek@xxxxxxxxxxxx http://www.lodz.tpsa.pl/iso/ | ones and zeros.
 tomek@xxxxxxxxxx   http://www.ClamAV.net/   A GPL virus scanner


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com