Update (main: 29, daily: 665)

ClamAV database updated (2005.01.14 20:59 GMT): main.cvd (main.db + main.hdb)
main.cvd version: 29; nr of signatures: 29086

ClamAV database updated (2005.01.14 21:31 GMT): daily.cvd (daily.db + daily.hdb 
+ daily.ndb)
daily.cvd version: 665; nr of signatures: 344

Signatures total: 29430


Submission: 7062-web
Sender: Takao Takeuchi
Virus: false Exploit.HTML.ObjectData
Added: Exploit.HTML.ObjectData signature updated by Trog.

Submission: 7130-web
Sender: Jason Haar
Virus: false Trojan.Zappa
Added: n/a. Trojan.Zappa signature removed.

Submission: 7131-web, 7723-web
Sender: Jason Haar, Thomas Berger
Virus: false Saboteur.41961
Added: n/a. Saboteur.41961 signature removed.

Submission: 7281-web, 7296-web
Sender: Steve Head
Virus: false Trojan.Rebootpc.A
Added: n/a. Trojan.Rebootpc.A signature removed.

Submission: 7307-web
Sender: Dale Sykora
Virus: false Trojan.URLspoof.gen
Added: n/a. ClamAV 0.80 doesn't detect Trojan.URLspoof.gen in the sample.

Submission: 7332-web
Sender: Jurgen Walch
Virus: false
Added: n/a. Crashing on the sample was fixed in CVS after your submission.

Submission: 7567-web
Sender: Laurent Papier
Virus: Worm/Sober.I
Added: Worm.Sober.I.dam-2 added by Tomasz Kojm from 7657-web.

Submission: 7581-web
Sender: Ger ard van Dijnsen
Virus: false Worm.Gaobot.189
Added: n/a. Already removed on previous day.

Submission: 7594-web
Sender: Felix Leimbach
Virus: false W32.CIH.1003
Added: n/a. The sample contains the virus fragment - probably not properly 
cleaned.

Submission: 7606-web
Sender: Hugo van der Kooij
Virus: Net-Worm.Perl.Santy.C
Added: Worm.Santy.C added by Christoph from 7605-web.

Submission: 7610-web
Sender: Tamas Roth
Virus: false W32.GriYo
Added: n/a. W32.GriYo signature removed.

Submission: 7628-web
Sender: Rob Passante
Virus: W32/Sober.j.eml!exe
Added: No. Useless proprietary format (MS Ootlook?) file. Probably a 
notification about stopped infected message.

Submission: 7630-web
Sender: Andrew Catford
Virus: false JPEG Exploit
Added: n/a. ClamAV isn't detecting anything in the file.

Submission: 7631-web
Sender: Submitter
Virus: Phish-BankFraud.eml
Added: No. Useless proprietary format (MS Outlook?) file.

Submission: 7632-web
Sender: Gareth Blades
Virus: false Trojan.Bancos-86-unp
Added: n/a. The false signature was removed 2 days before your submission. 
Please update your database.

Submission: 7656-web
Sender: Missi
Virus: Backdoor.Win32.Rbot.gen
Added: Trojan.Mybot-687 by Christoph Cordes in update 647 from other submission

Submission: 7659-web
Sender: Devdas Bhagat
Virus: unknown
Alias: Trojan-Spy.Win32.Goldun.a (Kaspersky)
Added: Trojan.Spy.Goldun.A, Trojan.Spy.Goldun.A-rar, Trojan.Spy.Goldun.Gen by 
Tomasz Kojm from later submissions, but Devdas Bhagat was the 1st who submitted 
it.

Submission: 7702-web
Sender: Markus Winkelmann
Virus: unknown
Added: No. Just a list of email addresses. Harmless.

Submission: 7720-web
Sender: Bryan Pauquette
Virus: false Java.ClassLoader.24564
Added: n/a. Not false. Other AV scanners also detect a few trojans in the files.

Submission: 7721-web
Sender: Jan Havrda
Virus: Erklez.D
Added: No. Harmless plain text file.

Submission: 7722-web
Sender: Thomas Berger
Virus: false Trojan.FBI
Added: n/a. You must have very outdated database. The Trojan.FBI signature was 
removed 20 Nov 2004.

Submission: 7734-web
Sender: Armin Fuerst
Virus: unknown
Added: Trojan.Spy.Goldun.A-2 by Christoph Cordes from 7732-web.

Submission: 7769-web
Sender: Sven Strickroth
Virus: false Trojan.Netbus.160.Whack
Added: n/a. While the sample itself isn't a trojan, indeed, it's a very 
characteristic companion of Netbus, so its presence very likely indicates 
infection. BTW, at least one other scanner detects the trojan in it. Anyway, 
moved to daily.cvd to make possible removing easier.

Submission: 7783-web
Sender: Davide Repetto
Virus: unknown
Added: No. Don't submit email messages in proprietary MS formats. Unprocessed.

Submission: 7906-web
Sender: CyberRax
Virus: Trojan.Downloader.Keenval-2
Added: n/a. Not false. And at least 5 other scanners detect it in the sample.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 tomek@xxxxxxxxxxxx http://www.lodz.tpsa.pl/iso/ | ones and zeros.
 tomek@xxxxxxxxxx   http://www.ClamAV.net/   A GPL virus scanner
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb