Update (main: 25, daily: 461)

ClamAV database updated (2004.08.19 18:09 GMT): main.cvd, viruses.db
main.cvd version: 25; nr of signatures: 22812

ClamAV database updated (2004.08.19 18:43 GMT): daily.cvd, viruses.db2
daily.cvd version: 461; nr of signatures: 608

Signatures total: 23420

NOTE:

Signatures have been optimised to better perform with the Aho-Corasick
engine (scanning should be faster with only a little growth of memory
usage) but users are encouraged to install the more advanced and memory
efficient CVS version anyway.


Submission: 4200-web
Sender: Srikrishnan
Virus: false W32.Nimda.eml
Added: n/a. Not false. The file contains binary fragments of viruses.

Submission: 4266-web
Sender: Ho Chan
Virus: false Trojan.Startpage.gen-17
Added: n/a. Not false. The message contains the trojan code.

Submission: 4271-web
Sender: Erwin Rennert
Virus: false Oversized.Zip
Added: n/a. Not a false positive. The sample contains a TIF file compressed 
5404334:26041~=208. This is a configuration issue. See --max-ratio or 
ArchiveMaxCompressionRatio options.

Submission: 4463-web
Sender: Peter Eriksson
Virus: false VBS.Stuck.b
Added: n/a. The false signature of VBS.Stuck.b removed.

Submission: 4500-web
Sender: CyberRax
Virus: false Armageddon.B
Added: n/a. The false signature of Armageddon.B removed.

Submission: 4720-web
Sender: Rickey Costas
Virus: false Trojan.Keylogger.AC
Added: n/a. False signature of Trojan.Keylogger.AC removed, a corrected one 
added.
Added: Trojan.Keylogger.AC

Submission: 4927-web
Sender: Arthur Pranada
Virus: false Exploit.Junksurf.A
Added: n/a. ClamAV does not detect anything in the sample, so not a false 
positive.

Submission: 4994-web
Added: Trojan.Dropper.VBS.Zerolin-3
Note: added in 443 as Trojan.Dropper.VBS.Zerolin. Now renamed 
Trojan.Dropper.VBS.Zerolin-3

Submission: 5009-web, 5176-web, 5209-web
Sender: Leszek Żarna, Dejan, Steve Basford
Virus: false Trojan.SdBot.Gen-84
Added: n/a. False signature Trojan.SdBot.Gen-84 removed.

Submission: 5010-web
Sender: Leszek Żarna
Virus: false Trojan.SdBot.Gen-84
Added: n/a. The same file as in 5009-web.

Submission: 5020-web, 5021-web
Sender: Petr (PeS)
Virus: false Worm.JS.Redlof.A
Added: n/a. The Worm.JS.Redlof.A signature moved to daily.cvd for further 
analysis.

Submission: 5157-web
Sender: Godwin Stewart
Virus: unknown
Added: No. Worm.Plexus.B found after extracting the attachment from a 
nonstandard format mail message.

Submission: 5158-web
Sender: Daniel De Martin
Virus: Backdoor.IrcContact.20
Added: Trojan.IrcContact.20-2
Note: Signature by aCaB - added in 454 as Backdoor.IrcContact.20. Name changed 
to Trojan.IrcContact.20-2

Submission: 5166-web
Sender: K. Lacroix
Virus: false W32.CIH.1003
Added: n/a. The file contains virus code. Maybe improperly cleaned.

Submission: 5172-web
Sender: Vlad Solopchenko
Virus: Win32.HLLM.Lol.53248 (Drweb)
Alias: W32/MyDoom-S (Sophos), Worm/Mydoom.S.2 (Hbedv), Win32.MyDoom.S@mm 
(Bitdefender)
Added: Worm.Mydoom.S
Note: Added in 455 as Worm.NewMalware.A, then renamed Worm.Mydoom.S.

Submission: n/a
Sender: Tomasz Papszun
Virus: Trojan.Mydoom.S-unp
Alias: BackDoor.Emule.42 (Drweb), Troj/Bdoor-CHR (Sophos), Worm/Mydoom.S.1 
(Hbedv), Win32.MyDoom.S@mm (Bitdefender)
Added: Trojan.Mydoom.S-unp

Submission: 5179-web
Sender: Dan Faerch
Virus: false TR.Dearh.21B.Srv
Added: n/a. False signature of TR.Dearh.21B.Srv removed.

Submission: 5182-web
Added: Trojan.Dropper.VBS.Zerolin-4
Note: Added in 458 as Trojan.Dropper.VBS.Zerolin-1. Now renamed 
Trojan.Dropper.VBS.Zerolin-4

Submission: 5193-web
Sender: jerzy szczudlowski
Virus: false Trojan.SdBot.Gen-67
Added: n/a. False signature Trojan.SdBot.Gen-67 removed.

Submission: 5200-web
Sender: philip jacob
Virus: unknown
Added: No. Worm.Bagle.Z found in the raw attachment lacking email headers.

Submission: n/a
Sender: n/a
Virus: Trojan.Dropper.VBS.Zerolin
Added: n/a. Trojan.Dropper.VBS.Zerolin signature moved to daily.cvd for further 
analysis and renamed Trojan.Dropper.VBS.Zerolin-1

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 tomek@xxxxxxxxxxxx http://www.lodz.tpsa.pl/iso/ | ones and zeros.
 tomek@xxxxxxxxxx   http://www.ClamAV.net/   A GPL virus scanner


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285