**********************************************************************
**                                                                  **
**  What's New in the NAV Virus Definitions Files      WHATSNEW.TXT **
**                                                                  **
**  Symantec AntiVirus Research Center (SARC)        April 02, 2001 **
**                                                                  **
**********************************************************************
This document contains the following topics:

 * Virus Alerts
 * New Technologies
 * Changes Incorporated Into This Update
 * Enabling Scanning Features
 * Additional Information

**********************************************************************
** Virus Alerts                                                     **
**********************************************************************
VBS.LoveLetter, a new worm which has been wide-spread since May 4th,
is detected by this definition set.  

The ten most commonly reported viruses, worldwide:

    1  W32.Navidad
    2  W95.MTX
    3  W32.HLLW.QAZ.A
    4  VBS.Stages.A
    5  VBS.LoveLetter
    6  VBS.Network
    7  Wscript.KakWorm
    8  W32.Funlove.4099
    9  PrettyPark.Worm
   10  Happy99.Worm

**********************************************************************
** New Technologies                                                 **
**********************************************************************

DATE         Technologies Added
----         ------------------
02/18/99   * Detection and repair of macro viruses in Word and Excel
             2000 documents.

05/15/99   * Added repair for PowerPoint viruses.
           * Improved heuristics to detect more WORD 97 related
             viruses.

06/10/99   * Menu repair technology for WORD macro viruses that change
             command bar customizations in NORMAL.DOT.

07/12/99   * Added support for scanning of Ichitaro 8/9 documents.
             (Ichitaro is a Japanese word processing program).

08/19/99   * Added detection and repair for embedded documents inside
             PowerPoint 97.

11/22/99   * Added detection and repair for Trojans embedded in OLE
             files, such as Windows scrap files and MS Office
             documents.
           * Added detection for viruses which infect Microsoft
             Project documents (P98M.Corner.A, for example).

02/10/00   * Added support for scanning of UNIX executables.
           * Added detection for infected Visio documents.

12/18/00   * Added heuristics for for 32-bit Windows viruses.
           * Added a script scanner which increases our capabilities for 
             detecting script based threats.

**********************************************************************
** Changes Incorporated Into This Virus Definitions Update          **
**********************************************************************

DATE
----


New virus definitions (by Virus Name):

        Virus Name                Infection Type          Week added
        ----------                --------------          ----------
        Butterfly.302             File infector            04/02/01
        HLLC.Laufwerk.7040        File infector            04/02/01
        Trojan.Taliban            File infector            04/02/01
        VBS.Chango                File infector            04/02/01
        VBS.Yabran.A@mm           File infector            04/02/01
        VBS.Yozis.B               File infector            04/02/01 
        W97.Bablas.BW.Gen         File infector            04/02/01
        W97M.Furio.A              File infector            04/02/01
        W97M.Marker.EO.Gen        File infector            04/02/01
        W97M.Mxc.A                File infector            04/02/01
        W97M.Thus.BQ              File infector            04/02/01
        W97M.Thus.CQ              File infector            04/02/01
        XM.Laroux.DB              File infector            04/02/01
        XM.Laroux.DD              File infector            04/02/01
        XM.Laroux.DH              File infector            04/02/01
        XM.Laroux.DI              File infector            04/02/01
        XM.Laroux.DJ              File infector            04/02/01
        XM.Laroux.DW              File infector            04/02/01
        XM.Laroux.DY              File infector            04/02/01  	                 

        
New virus definitions (by Week added):
        
        Virus Name                Infection Type          Week added
        ----------                --------------          ----------
        Butterfly.302             File infector            04/02/01
        HLLC.Laufwerk.7040        File infector            04/02/01
        Trojan.Taliban            File infector            04/02/01
        VBS.Chango                File infector            04/02/01
        VBS.Yabran.A@mm           File infector            04/02/01
        VBS.Yozis.B               File infector            04/02/01
        W97.Bablas.BW.Gen         File infector            04/02/01
        W97M.Furio.A              File infector            04/02/01
        W97M.Marker.EO.Gen        File infector            04/02/01
        W97M.Mxc.A                File infector            04/02/01
        W97M.Thus.BQ              File infector            04/02/01
        W97M.Thus.CQ              File infector            04/02/01
        XM.Laroux.DB              File infector            04/02/01
        XM.Laroux.DD              File infector            04/02/01
        XM.Laroux.DH              File infector            04/02/01
        XM.Laroux.DI              File infector            04/02/01
        XM.Laroux.DJ              File infector            04/02/01
        XM.Laroux.DW              File infector            04/02/01
        XM.Laroux.DY              File infector            04/02/01
                   

Name Changes (by Old Virus Name):

        Old Virus Name            New Virus Name          Date changed
        --------------            --------------          ------------
        Eka.4096               to Eka.4096 (x)             03/26/01
        VBS.Moridin.Worm       to VBS.Moridin@mm           03/28/01
        W97M.Cross.Epik        to W97M.Epik.A              03/20/01
        XM.Laroux.CU           to XM.Laroux.AX             04/02/01
    


Name Changes (by Date changed):

        Old Virus Name            New Virus Name          Date changed
        --------------            --------------          ------------
        XM.Laroux.CU           to XM.Laroux.AX             04/02/01
        VBS.Moridin.Worm       to VBS.Moridin@mm           03/28/01
        Eka.4096               to Eka.4096 (x)             03/26/01
        Millenium.350          to TinyM.350                03/20/01
        W97M.Cross.Epik        to W97M.Epik.A              03/20/01
 

Deletions (by Virus Name):

        Virus Name                Infection Type          Date removed
        ----------                --------------          ------------
        Linux.Peelf.2132          File infector            04/02/01
        VKit.650                  File infector            03/06/01
        


Deletions (by Date removed):

        Virus Name                Infection Type          Date removed
        ----------                --------------          ------------
        Linux.Peelf.2132          File infector            04/02/01
        VKit.650                  File infector            03/06/01


**********************************************************************
**  Enabling Scanning Features                                      **
**********************************************************************

Several scanning features can be enabled through the use of an INF 
configuration file.  For NAV for Windows 95/NT version 4.x and later, 
or NAV for OS/2, this configuration file should be called NAVEX15.INF
and should be placed in the directory where NAV is installed (i.e.,
C:\Program Files\Norton AntiVirus).  For NAV for Netware version 4.x,
the file should be called NAVEX15.INF and should be placed in the 
directory where NAV 4.x is installed (i.e., sys:system\navnlm). For
NAV for Windows 95/NT version 2.0, NAV 4.x for Windows 3.1/DOS,
NAVIEG 1.x, or NAVFW 1.x, the file should be named NAVEX.INF and
should be placed in the directory where NAV is installed (i.e., C:\NAV).
If this configuration file does not exist, create one in the appropriate
directory if you want to change the default settings.

To enable a scanning feature for a particular component, one or more 
entries need to be added to the configuration file under the correct
section.  For each platform there is a corresponding section that is used 
in the INF file.  Below is a table of section names and platforms.

Section Name    Platform
------------    --------
NAVW32          Windows 95/98/NT
NAVAP           Windows 95/98/NT Auto-Protect
NAVDX           DOS
NAVNLM          Netware
NAVWIN          Windows 3.1
NAVOS2          OS/2
NAVAIX          AIX
NAVSOL          Solaris

Entries are case insensitive.  Below is a description of possible 
entries.

1. Files can be excluded from scans by the NAVEX engine.  To exclude a
specific file from the NAVEX engine scan, add an entry with the full
path and file name.  This is case insensitive.  No wildcards are allowed.
To exclude multiple files, add a separate entry for each file.  To exclude
a file, add an entry like the one below where <PATH> is the full path
and file name.
        ExcludeFile = <PATH>

2. Files within a directory can be excluded from scans by the NAVEX engine.
To exclude all files within a directory, add an entry with the full 
directory path.  This is case insensitive.  No wildcards are allowed.  This
does not exclude files located in subdirectories of the specified 
directory.  To exclude multiple directories, add a separate entry for each
directory. To exclude a directory, add an entry like the one below where
<DIRECTORY> is the full path.
        ExcludeDirectory = <DIRECTORY>

The following example of an INF configuration file excludes two files, 
NOSCAN.EXE and BIGFILE.DOC, from NAVEX scans for the Windows 95/98/NT 
scanner.  It excludes the D:\PRIVATE directory from Windows 95/98/NT 
Auto-Protect.

[NAVW32]
ExcludeFile = C:\PROGRAM FILES\NOSCAN.EXE
ExcludeFile = C:\TEMP\BIGFILE.DOC

[NAVAP]
ExcludeDirectory = D:\PRIVATE

**********************************************************************
**    Additional Information                                        **
**********************************************************************

Additional information regarding this virus definitions update can be
found in UPDATE.TXT and TECHNOTE.TXT.
