Update (main: 28, daily: 595)

ClamAV database updated (2004.11.20 01:02 GMT): main.cvd (main.db + main.hdb)
main.cvd version: 28; nr of signatures: 26630

ClamAV database updated (2004.11.20 01:28 GMT): daily.cvd (daily.db + daily.hdb 
+ daily.ndb)
daily.cvd version: 595; nr of signatures: 397

Signatures total: 27027


Submission: 5688-web
Sender: Gerard van Dijnsen
Virus: false Trojan.Mybot.gen-156
Added: n/a. Removed Trojan.Mybot.gen-156 signature soon after the report.

Submission: 5699-web
Sender: Vladimir Costa
Virus: false W32.CIH.1003
Added: n/a. The file contains the virus fragment. Maybe improperly cleaned.

Submission: 5711-web, 5717-web, 5718-web, 5721-web, 6639-web
Sender: Christian, partytime, Zielu
Virus: false Trojan.Delf.PR
Added: Trojan.Delf.PR signature updated.
Added: Trojan.Delf.PR-cli
Note: Both signatures created from submission 5165-web.

Submission: 5731-web
Sender: Andreas Schild
Virus: false Trojan.Paul
Added: n/a. Trojan.Paul signature removed.

Submission: 5737-web
Sender: Anthony
Virus: false Trojan.FBI
Added: n/a. Trojan.FBI signature removed.

Submission: 5783-web
Sender: christophe goudey
Virus: false Worm.SomeFool.D
Added: Worm.SomeFool.D signature updated.

Submission: 5835-web, 6087-web
Sender: FREBAULT Roger, Steve Basford
Virus: false Trojan.Padodor.X-dll
Added: n/a. Trojan.Padodor.X-dll signature removed.

Submission: 5843-web
Sender: Karl Jentsch
Virus: false Trojan.Dropper.JS.Zerolin-6
Added: n/a. Not false.

Submission: 5881-web, 5882-web, 5901-web
Sender: Rene
Virus: false
Added: n/a. ClamAV doesn't find a virus in it, so not a FP. Spam.

Submission: 5934-web, 5985-web, 6461-web
Sender: bleve, Nicolas GREGOIRE, Kay MacKenzie
Virus: false Eicar-Test-Signature
Added: n/a. Eicar-Test-Signature signature moved to daily.cvd for reworking.

Submission: 5982-web, 6235-web
Sender: Sylvain Berge, Francis Stevens
Virus: false Oversized.zip
Added: Not a FP but the need for finetuning your config: 
ArchiveMaxCompressionRatio or --max-ratio

Submission: 5989-web
Sender: Keith Brown
Virus: false
Added: n/a. The signature removed in update 515.

Submission: 5993-web
Sender: TSUCHIDA Fumitaka
Virus: false Visacard Phishing Mail
Added: n/a. ClamAV doesn't find a virus in it, so not a FP.

Submission: 6024-web
Sender: Stefan Puffer
Virus: false Legs.7000
Added: n/a. Legs.7000 signature removed.

Submission: 6029-web
Sender: Paul Pianta
Virus: false Oversized.zip
Added: Not a FP. Tip: ArchiveMaxCompressionRatio doesn't affect clamscan. Use 
--max-ratio command line option.

Submission: 6053-web
Sender: tom felts
Virus: false (what?)
Added: n/a. Worm.Mydoom.Gen-1 signature moved to daily.cvd for further analysis.

Submission: 6070-web
Sender: Marcel de Reuver
Virus: false Suspected.Zip
Added: n/a. The zipfile is corrupted.

Submission: 6231-web, 6232-web
Sender: Chris Grove
Virus: false Exploit.JPEG.Comment.1
Added: n/a. The signature updated in October.

Submission: 6233-web
Sender: desclaux
Virus: false worm.SomeFool.P
Added: n/a. ClamAV doesn't find a virus in it, so not a FP. Is your database 
up-to-date?

Submission: 6471-web, 6472-web
Sender: fans
Virus: false
Added: n/a. Not a FP. Email error messages.

Submission: 6556-web
Sender: Sergey
Virus: false
Added: n/a. Not false. Real Worm.Bagle.AT.

Submission: 6570-web, 6814-web, 6815-web, 6904-web, 6905-web
Sender: Jan Harkes, Steffen Breitbach, Ute Horvath
Virus: false Exploit.Jolt
Added: Exploit.Jolt signature updated
Note: The signature by Tomasz Kojm

Submission: 6581-web
Sender: Jasmin Kirchner
Virus: false LibertyII
Added: n/a. LibertyII signature removed.

Submission: 6592-web
Sender: Euler German
Virus: false
Added: n/a. ClamAV doesn't find a virus in it, so not a FP. Is your database 
up-to-date?

Submission: 6720-web
Sender: Anton Avramov
Virus: false Trojan.Hackarmy-21
Added: n/a. Trojan.Hackarmy-21 signature removed in update 576.

Submission: 6722-web
Sender: ToNY
Virus: false Yaha.B
Added: n/a. The Yaha.B signature moved to daily.cvd for further analysis.

Submission: 6745-web
Sender: Prevot
Virus: unknown
Added: No. 133471 NULLs (yes, 133471-byte file with only NULL chars).

Submission: 6756-web
Sender: Andrew Trimmings
Virus: false W32.Magistr.B
Added: n/a. ClamAV doesn't find a virus in it, so not a FP. Is your database 
up-to-date?

Submission: 6761-web
Sender: Michal
Virus: unknown
Added: No. A mail with attachment removed. Harmless.

Submission: 6861-web
Sender: Tamas Roth
Virus: false Backdoor.Usirf
Added: n/a. Not false, real trojan.
Note: The submission scanner detects it with --detect-broken

Submission: 6926-web
Sender: Graham Maltby
Added: Worm.Sober.I-unp
Note: The signature by Tomasz Kojm

Submission: 6949-web
Sender: Sebastian Schaffert
Virus: Sober.I
Added: No. A message with attachment removed.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 tomek@xxxxxxxxxxxx http://www.lodz.tpsa.pl/iso/ | ones and zeros.
 tomek@xxxxxxxxxx   http://www.ClamAV.net/   A GPL virus scanner
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb