###############################################################################
#
# Note: ^TV is the base64 encoding of the magic data, ^MZ, at the start
# of an MS executable, (e.g., .EXE file.) See /usr/share/misc/magic for
# particulars, (see, also, "man magic" or "man file".) 7 characters is a
# (2 * 26)^7 = 1.0280717E12, (about one in a trillion,) chance of a
# false positive error, (^TV alone is (2 * 26)^2 = 1 in 2,704; far too
# low, and is a common word, too.)
#
# NOTE(review): the original note wrote the exponents the other way
# round and gave 1 in 204,304 for ^TV; (2 * 26)^2 is 2,704. The estimate
# counts only the 52 letters of the base64 alphabet and treats body text
# as uniformly random, so read it as an order of magnitude.
#
# Prefix -> malware families the prefix was taken from:
#
# ^T24gRXJ Mawanella
#
# ^TVoAAAI Aliz, Blebla or SysClock, Ganda, Happy, Heyya.b, IISWorm,
# MTX, Magistr, Opasoft-a,d, PrettyPark, Sharpei.a, SirCam,
# Elkern
#
# ^TVpQAAI Blebla, Elkern, Happy, MTX, Opasoft, SirCam
#
# ^TVpsAAE FunnyPics, Trood
#
# ^TVqQAAM Apost, Avron aka Lirva, BadTransII, CodeGreen.a, Frethem,
# GOPWorm.153, Generic, Gibe, Hadra, Hybris, SnowWhite, Klez,
# LastWord, Lentin, Yaha, LovGate, Magistr, MyParty, Navidad,
# NetThief, Nimda, Scrambler, Sobig, Tanatos, BugBear,
# TrojanDownloader.Win32.Ultraset
#
# ^UEsDB SoBig.E, base64 zipped file, (^UE\003\004 is base64 encoded
# ^PK ..., see /usr/share/misc/magic; the actual base64 magic data is
# ^UEsDBBQAAAAIA ..., with the 14th character representing the first
# character of the base64 encoded zipped file.) Unfortunately, this
# gives a false positive for any zipped file, since SoBig.E is
# polymorphic, and the 14th character is variable. Best to reject
# zipped files.
#
# ^UmFyIRo RAR archive header marker from rarlinux-3.0.tar.gz
# documentation
#
# How the recipe below works:
#
#   :0 BD  B makes procmail egrep the message body instead of the
#          header; D makes the match case sensitive, (procmail's
#          default is case insensitive, which would be meaningless for
#          base64 text.)
#
#   * ^(   one condition; ^ anchors each alternative at the start of a
#          body line, so a line has to begin with one of the prefixes.
#
#   { }    on a match the only action is VIRUS=true. Nothing is
#          delivered, rejected or discarded here; whatever acts on
#          VIRUS is outside this section.
#
# Differences between the table above and the pattern, (from reading
# the expression):
#
#   - the pattern accepts more ^TV prefixes than the table lists:
#     TVoAAA[AEIQ], TVoAACQ, TVoAAPo, TVoAAD8, TVoFAQU, TVoIARM,
#     TVouARs, TVpAALQ, TVpLRVJ, TVpAAAE, TVpyAXk, TVrQAT8, TVrhARw,
#     TVrmAU4. Their source is not documented here.
#
#   - Es(D|F)B matches UEsFB as well as UEsDB; UEsFB is the base64 of
#     PK\005\006, the signature an empty zip archive starts with.
#
#   - the RAR alternative needs 8 characters, UmFyIRoH, one more than
#     the 7 shown in the table.
#
# Limits a maintainer should keep in mind: this is a prefix signature,
# not a scanner. It only sees attachments that are base64 encoded with
# one of the listed header byte sequences at the start of a line;
# other transfer encodings, other containers and other header values
# pass unflagged. Every zip and RAR attachment is flagged, legitimate
# or not. Treat VIRUS=true as a coarse first filter alongside a real
# anti-virus scanner.
#
:0 BD
* ^(T(24gRXJ|V((o(A(AA[AEIQ]|ACQ|APo|AD8)|FAQU|IARM|uARs))|(p(AALQ|LRVJ|QAAI|(A|s)AAE|yAXk))|qQAAM|(r(QAT8|hARw|mAU4))))|U(Es(D|F)B|mFyIRoH))
{
    VIRUS=true
}
#
######################################################################
#
# A license is hereby granted to reproduce this software for personal,
# non-commercial use.
#
# THIS PROGRAM IS PROVIDED "AS IS". THE AUTHOR PROVIDES NO WARRANTIES
# WHATSOEVER, EXPRESSED OR IMPLIED, INCLUDING WARRANTIES OF
# MERCHANTABILITY, TITLE, OR FITNESS FOR ANY PARTICULAR PURPOSE. THE
# AUTHOR DOES NOT WARRANT THAT USE OF THIS PROGRAM DOES NOT INFRINGE THE
# INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY IN ANY COUNTRY.
#
# So there.
#
# Copyright (c) 1992-2005, John Conover, , All
# Rights Reserved.
#
# $Revision: 1.0 $
# $Date: 2005/08/26 07:44:51 $
# $Id: howto-virus.txt,v 1.0 2005/08/26 07:44:51 conover Exp $
# $Log: howto-virus.txt,v $
# Revision 1.0 2005/08/26 07:44:51 conover
# Initial revision
#