ClamAV has been catching it for several weeks I think. We've caught over
13,000 copies so far... I just wasn't sure if Worm.Palyh.A in ClamAV was
what other software calls "Sobig.b"...
Ed
On Mon, 2 Jun 2003, Ed Greenberg wrote:
> Date: Mon, 02 Jun 2003 17:40:40 -0700
> From: Ed Greenberg <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: [clamav-users] Sobig.b
>
> Is clamav catching this yet? As of today's downloads?
>
> --On Monday, June 02, 2003 8:34 PM -0400 Ed Phillips <[EMAIL PROTECTED]> wrote:
>
> > Thanks! Exactly what I was looking for!
> >
> > Ed
> >
> > On Mon, 2 Jun 2003, Jason Englander wrote:
> >
> >> Date: Mon, 02 Jun 2003 18:53:49 -0400 (EDT)
> >> From: Jason Englander <[EMAIL PROTECTED]>
> >> Reply-To: [EMAIL PROTECTED]
> >> To: ClamAV Users <[EMAIL PROTECTED]>
> >> Subject: Re: [clamav-users] Sobig.b
> >>
> >> On Sun, 1 Jun 2003, Ed Phillips wrote:
> >>
> >> > Is this signature for the "Sobig.b" virus
> >> > (http://vil.nai.com/vil/content/v_100307.htm)? Evidently, some virus
> >> > scanners use "Palyh" and some use "Sobig.b"...
> >> >
> >> > gamera:/opt/clam/share/clamav> egrep -i palyh viruses.db
> >> > Worm.Palyh.A
> >> > (Clam)=b7496d706f7274616e6365076f05e8ff4f75746c6f6f6b20457870c947362e3
> >> > 0fea35cf7302e3236 g
> >>
> >> I have an infected sample of what clamav finds to be Worm.Palyh.A
> >>
> >> File::Scan says it's W32/[EMAIL PROTECTED]
> >> f-prot says W32/[EMAIL PROTECTED]
> >> antivir says Worm/Sobig.B
> >> uvscan says W32/[EMAIL PROTECTED]
> >>
> >> Jason
> >>
> >> --
> >> Jason Englander <[EMAIL PROTECTED]>
> >> 394F 7E02 C105 7268 777A 3F5A 0AC0 C618 0675 80CA
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >
> > Ed Phillips <[EMAIL PROTECTED]> University of Delaware (302) 831-6082
> > Systems Programmer III, Network and Systems Services
> > finger -l [EMAIL PROTECTED] for PGP public key
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
Ed Phillips <[EMAIL PROTECTED]> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l [EMAIL PROTECTED] for PGP public key
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
