Yes, Clam detects Palyh (Sobig.b) and has been doing so since approx. 24 hours after the outbreak.
It also detects the latest version of Sobig now called Sobig.C.

Best regards,
Diego d'Ambra

-----Original Message-----
From: Ed Greenberg [mailto:[EMAIL PROTECTED]
Sent: 3. juni 2003 02:41
To: [EMAIL PROTECTED]
Subject: Re: [clamav-users] Sobig.b

Is clamav catching this yet? As of today's downloads?

--On Monday, June 02, 2003 8:34 PM -0400 Ed Phillips <[EMAIL PROTECTED]> wrote:

> Thanks! Exactly what I was looking for!
>
> Ed
>
> On Mon, 2 Jun 2003, Jason Englander wrote:
>
>> Date: Mon, 02 Jun 2003 18:53:49 -0400 (EDT)
>> From: Jason Englander <[EMAIL PROTECTED]>
>> Reply-To: [EMAIL PROTECTED]
>> To: ClamAV Users <[EMAIL PROTECTED]>
>> Subject: Re: [clamav-users] Sobig.b
>>
>> On Sun, 1 Jun 2003, Ed Phillips wrote:
>>
>> > Is this signature for the "Sobig.b" virus
>> > (http://vil.nai.com/vil/content/v_100307.htm)? Evidently, some
>> > virus scanners use "Palyh" and some use "Sobig.b"...
>> >
>> > gamera:/opt/clam/share/clamav> egrep -i palyh viruses.db
>> > Worm.Palyh.A
>> > (Clam)=b7496d706f7274616e6365076f05e8ff4f75746c6f6f6b20457870c94736
>> > 2e3
>> > 0fea35cf7302e3236 g
>>
>> I have an infected sample of what clamav finds to be Worm.Palyh.A
>>
>> File::Scan says it's W32/[EMAIL PROTECTED]
>> f-prot says W32/[EMAIL PROTECTED]
>> antivir says Worm/Sobig.B
>> uvscan says W32/[EMAIL PROTECTED]
>>
>> Jason
>>
>> --
>> Jason Englander <[EMAIL PROTECTED]>
>> 394F 7E02 C105 7268 777A 3F5A 0AC0 C618 0675 80CA
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>
> Ed Phillips <[EMAIL PROTECTED]> University of Delaware (302) 831-6082
> Systems Programmer III, Network and Systems Services finger -l
> [EMAIL PROTECTED] for PGP public key
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]