Update (daily: 637)

ClamAV database updated (2004.12.21 16:42 GMT): daily.cvd
Version: 637
Signatures total: 28600

Submission: 6980-web
Sender: Petr Kristof
Virus: unknown
Added: No. Damaged Worm.Sober.I. Harmless.

Submission: 7004-web, 7010-web, 7116-web, 7174-web, 7204-web, 7267-web, n/a
Sender: Prashanth. S., Krzysztof Raczkowski, MIlan Kecman, Ispas Paul, olo, 
George Chelidze, jotti
Virus: unknown, Email-Worm.Win32.Sober.i
Alias: Win32.Sober.I@xxxxxxxxxx (Bitdefender), Worm/Sober.I (Hbedv), 
Email-Worm.Win32.Sober.i (Kaspersky), W32/Sober.B.dam.wor (Panda), 
W32/Sober.dam (Sybari)
Added: Worm.Sober.I.dam
Note: This is one of the most common "version" of damaged, harmless binaries of 
Worm.Sober.I

Submission: 7086-web, 7088-web, 7095-web, 7096-web
Sender: adi, Holger, Sandu Leanca
Virus: unknown
Added: Worm.SomeFool.AA-2 (added by Diego from 7090-web).

Submission: 7126-web, 7140-web, 7207-web, 7297-web
Sender: adi
Virus: unknown
Added: No. Damaged binary. Most likely damaged Worm.Sober.I. Harmless.

Submission: 7165-web
Sender: Erol Oz
Virus: unknown
Added: No. Damaged zipfile of Worm.Sober.I. Harmless.

Submission: 7167-web
Sender: craig
Virus: Looks like Sober-I
Added: No. Damaged binary. Harmless.

Submission: 7185-web
Sender: Christian
Virus: various
Added: No. After unpacking password-protected zipfile, 
Trojan.Downloader.Agent.AC, Trojan.Spy.W32.Small.BU, Trojan.Dialer.Bprice were 
found. That's why please avoid submitting password-protected archives.

Submission: 7188-web
Sender: alois
Virus: unknown
Added: No. A small fragment of email message. Harmless.

Submission: 7190-web
Sender: Guy Poizat
Virus: unknown
Added: No. Broken executable - file cut, only little fragment left. Harmless.

Submission: 7194-web
Sender: Andre Koot
Virus: Plexus
Added: No. Worm.Plexus.B found after extracting the attachment from broken 
email.

Submission: 7196-web
Sender: Roberto Figueroa
Virus: false (what?)
Added: n/a. ClamAV doesn't detect anything in it, so not a false positive.

Submission: 7203-web
Sender: Macka
Virus: false VBS.Redlof.Encoded.gen
Added: n/a. The sample contains the very characteristic fragment of 
VBS.Redlof.Encoded.gen, thus the signature matches. In this sense, it's not a 
false positive.

Submission: 7229-web
Sender: Tomas Nehybka
Virus: false Oversized.Zip
Added: n/a. This is a configuration issue (try --max-ratio=230), not a false 
positive.

Submission: 7230-web
Sender: Barry Knight
Virus: sober.i
Added: No. Worm.Sober.I found after extracting attachment from damaged email 
message.

Submission: 7283-web
Sender: Yura Scheglyuk
Virus: Win32.HLLW.ForBot.based (Drweb)
Added: Trojan.Wootbot-133 added by Christoph Cordes from 7453-web.

Submission: 7286-web
Sender: Gokcen Ogutcu
Virus: Win32:Sober-H
Added: No. Damaged Worm.Sober.I. Harmless.

Submission: 7298-web
Sender: Jean-Paul Rommens
Virus: unknown
Added: No. A very damaged zipfile. Harmless.

Submission: 7300-web
Sender: Jan Rosa
Virus: unknown
Added: No. Damaged Worm.Sober.I. Harmless.

Submission: 7302-web
Sender: Mikhail Cholokov
Virus: W32.Beagle
Added: No. File modified by quarantining. Can't prepare a signature from it.

Submission: 7303-web
Sender: ricardo
Virus: false Trojan.Killav-3
Added: n/a. Not false. Real.

Submission: 7311-web
Sender: Rodney Arne Karlsen
Virus: unknown
Added: No. Damaged binary data. Harmless.

Submission: n/a
Sender: n/a
Virus: false Exploit.IFrame.Gen
Added: Exploit.IFrame.Gen
Note: Signature updated by Tomasz Kojm. The old signature will be removed from 
main.cvd later.

Submission: 7525-web, 7528-web
Sender: Mark
Virus: unknown
Added: No. Broken binary.

Submission: 7534-web
Sender: Trog
Virus: Beagle variant
Alias: Win32.Bagle.8.Gen@mm (Bitdefender), Win32.HLLM.Beagle (Drweb), 
W32/Bagle.AY@mm (F-Prot)
Added: Worm.Bagle.AY

Submission: 7536-web
Sender: Paolo Segre
Virus: Win32/Mydoom.O@mm
Added: No. Worm.Mydoom.M found after extracting the sample from the tgz file.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 tomek@xxxxxxxxxxxx http://www.lodz.tpsa.pl/iso/ | ones and zeros.
 tomek@xxxxxxxxxx   http://www.ClamAV.net/   A GPL virus scanner
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb