On Wed, 11 Feb 2004 at 8:43:41 -0500, Kevin M. Myer wrote: > Hello, > > The ClamAV team did a great job of getting the signature out for MyDoom.A > (SCO.A) virus well before the commercial vendors had signatures. However, > yesterday, we started receiving what turns out to be MyDoom.D messages. I > submitted a sample at about 9:00AM EST, on 2/10/2004 but am still awaiting a > signature to detect MyDoom.D. > > My question: I knew there was a new virus on the loose yesterday morning. Is > there a way to use a copy of the virus in the wild to generate a temporary > signature? I kept watching for updates yesterday but started stripping > attachments as a temporary relief measure when I realized how wide spread this > had become. > > So is there a temporary stop-gap measure that we can employ for signature > generation for viruses in the wild? >
We are working on your (and other) submissions in the moment. We apologise for the delay! :-( . As a quick, temporary fix, you can use the attached file, containing the signature prepared by one of developers - Christoph Cordes. Just place it in your database directory and reload clamd. Once again: sorry! -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
Worm.SCO.A.enc (Clam)=b7c3917eb1ffe653304e1f44494c5b818c945d4d7801515c270c0b0e107772654d004e4f535d53555d17004f77647d6b31567d0a696a7a6af9984177157e6060f24992dd57ec89e106cd8097d0b5064074d1e7a8
