There are many versions of FortNight (IFrame exploits). The one you mention is version JS.FortNight.E - this was added to the signature database yesterday (04-june-2003 20:45).

Best regards,
Diego d'Ambra

-----Original Message-----
From: Fajar Arief Nugraha [mailto:[EMAIL PROTECTED]
Sent: 5. juni 2003 08:05
To: [EMAIL PROTECTED]
Subject: [clamav-users] FortNight virus

Hi,

I know clamav is supposed to know the FortNight (http://www.sarc.com/avcenter/cgi-bin/virauto.cgi?vid=27893) virus already:

    bash-2.03# cat viruses.db|grep -i fortnight
    Exploit.FortNight (Clam)=3c4449563e3c494652414d45207372633d334422687474703a2f2f7777772e70726f73746f6c2e636f6d2f6d2e68746d6c222077696474683d3344303d3230

But some mail still gets through, and Symantec said it contains the FortNight virus. Every mail contains this at the bottom:

    <IFRAME height=3D0=20 = src=3D"http://www001.upp.so-net.ne.jp:[EMAIL PROTECTED]/m .= htm"=20 width=3D0></IFRAME>

Does it mean you should update FortNight's signature, or is it NOT a virus at all (e.g. Symantec's being paranoid)?

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
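
Decoding the signature quoted in the question shows why those mails were not flagged. This is an added example, not part of the original thread and not ClamAV code: the `name=hex` parsing and plain substring match are simplifying assumptions, and the `COVERED` body is constructed for the demonstration.

```python
import quopri

# Signature line as quoted in the post; the hex was wrapped mid-byte in the mail.
DB_LINE = ("Exploit.FortNight (Clam)=3c4449563e3c494652414d45207372633d334422687474703a2f2f7777772e707 "
           "26f73746f6c2e636f6d2f6d2e68746d6c222077696474683d3344303d3230")

# IFRAME from the mails that got through, copied from the post (address already redacted).
MISSED = (b'<IFRAME height=3D0=20 = src=3D"http://www001.upp.so-net.ne.jp:'
          b'[EMAIL PROTECTED]/m .= htm"=20 width=3D0></IFRAME>')

# Constructed body that embeds the exact bytes the signature encodes.
COVERED = (b'<DIV><IFRAME src=3D"http://www.prostol.com/m.html" width=3D0=20\n'
           b'height=3D0></IFRAME></DIV>')


def parse_db_line(line):
    """Split 'name=hex' and decode the hex, dropping whitespace left by line wrapping."""
    name, sep, hexsig = line.partition("=")
    if not sep:
        raise ValueError("not a name=hex signature line")
    return name.strip(), bytes.fromhex("".join(hexsig.split()))


def scan(body, db_lines=(DB_LINE,)):
    """Return the names of signatures whose bytes occur verbatim in body."""
    hits = []
    for line in db_lines:
        name, sig = parse_db_line(line)
        if sig in body:
            hits.append(name)
    return hits


if __name__ == "__main__":
    name, sig = parse_db_line(DB_LINE)
    print(name, "->", sig.decode("ascii"))
    print("mail from the post:    ", scan(MISSED))
    print("constructed match:     ", scan(COVERED))
    # The pattern contains the quoted-printable escapes themselves ("=3D", "=20"),
    # so the same markup in decoded form no longer contains it.
    print("same body, QP-decoded: ", scan(quopri.decodestring(COVERED)))
```

The decoded pattern is tied to one URL and one attribute order, so a variant with a different host or layout needs its own entry, such as the JS.FortNight.E signature mentioned in the reply.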