Erik Corry wrote:
On Tue, Jan 24, 2006 at 06:40:12PM -0500, Mike Robinson wrote: > I've tried submitting a new Mytob variant over the last 2 days (still > not being detected by ClamAV) and I've still not got a response....IThe following signature seems to detec the Mytob variants on my system: Suspicious.HTML.javascript2=756e6573636170652822253636 Put it in a file called local.db in the same directory as your main.cvd and daily.cvd files. It searches for the string: unescape ("%66 (only without the space) in a mail, so it will get some false positives.
Large number of Feebs-C variants isn't detected by that signature, sorry. Best regards, Diego d'Ambra
_______________________________________________ http://lurker.clamav.net/list/clamav-users.html
