I've recently been asked if our virus scanner (clamav) detects the latest mydoom, Mydoom.F. I've seen other messages on this and the mailscanner list that indicate that it does, but I've been unable to confirm it myself yet.
If I do: sigtool --list-sigs | grep -i mydoom
I get:
Worm.Mydoom.B
Worm.Mydoom.B-dll
Worm.Mydoom.E
Worm.Mydoom.E-unp
Worm.MyDoom.E.UPX
Is one of those MyDoom variants actually MyDoom.F (or is it called something else)?
What some vendors call MyDoom.F should be detected as Worm.MyDoom.E.UPX by clamav.
from the clamav-virusdb mail list:
ClamAV database updated (2004.02.23 19:56 GMT): daily.cvd, viruses.db2
Version: 137
...
Submission: 1325-web, 1327-web, 1328-web, 1329-web
Sender: Peter Hegedus, Daniel Baker, David Jonas
Virus: Unknown Virus
Alias: Win32/[EMAIL PROTECTED] (RAV), Win32.HLLM.MyDoom.based (DrWeb), I-Worm.Mydoom.e (KAV)
Added: Worm.MyDoom.E.UPX
Notes: This is a variant of the original MyDoom worm,packed with UPX.
--
Noel Jones
------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
