Hi all,
I've just published ASSP_AFC.pm version 4.48 at SF-CVS.
This version contains an extension to detect embedded executable code in
real PDF files, if 'exe-bin' files are not allowed in the assp
configuration.
Currently detected are:
- JavaScript - most times this is required by the virus to open and run
any other embedded code
- ms office macros
- exe and com files
- wsh files
This extension is hard coded. There is no way to make an exception to
(e.g.) :PDF - like for :ELF, :CSC :MSOM ...... - because such files
are always malicious!
Currently it seems that another ransomware attack is starting in
preparation for the weekend! Such real PDF files are being distributed by
email!
I don't think that there will be a stupid 'killswitch' in the new viruses
to save the world.
I just saw that ClamAV (sanesecurity signatures) detected most of them -
they are all classified as UNOFFICIAL !!!!
Thomas
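A sketch of the kind of check the announcement describes, written in Python as an added example; it is not ASSP_AFC.pm's code, and the token list, finding labels and function names are assumptions. It flags JavaScript names (including `#xx`-escaped spellings), embedded files, executable or OLE2 content inside Flate-compressed streams, and attachment names ending in .exe, .com, .wsf or .wsh.

```python
import re
import zlib

# PDF name tokens for active content and attachments (assumed list).
RISKY_NAMES = {b"JavaScript": "javascript", b"JS": "javascript",
               b"EmbeddedFile": "embedded-file"}
# Leading bytes of an inflated stream: DOS/PE executable, OLE2 (legacy Office) container.
MAGICS = {b"MZ": "exe", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole-container"}
RISKY_EXT = (b".exe", b".com", b".wsf", b".wsh")

NAME_RE = re.compile(rb"/([^\s\x00/<>\[\]()%{}]+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
FILESPEC_RE = re.compile(rb"/U?F\s*\(([^)]*)\)")

def decode_name(raw):
    """Resolve #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), raw)

def scan_pdf(data):
    """Return a set of finding labels; an empty set means nothing was flagged."""
    findings = set()
    if b"%PDF-" not in data[:1024]:
        return findings                      # only real PDF files are in scope
    for m in STREAM_RE.finditer(data):
        body = m.group(1)
        try:
            body = zlib.decompress(body)     # FlateDecode is the common filter
        except zlib.error:
            pass                             # other filter: test the raw bytes
        findings.update(lbl for magic, lbl in MAGICS.items() if body.startswith(magic))
    structure = STREAM_RE.sub(b"", data)     # keep binary noise out of name matching
    for m in NAME_RE.finditer(structure):
        label = RISKY_NAMES.get(decode_name(m.group(1)))
        if label:
            findings.add(label)
    for m in FILESPEC_RE.finditer(structure):
        if m.group(1).lower().endswith(RISKY_EXT):
            findings.add("risky-attachment-name")
    return findings

def constructed_sample():
    """Constructed test PDF: escaped JavaScript name plus a deflated 'MZ' attachment."""
    payload = zlib.compress(b"MZ\x90\x00" + b"\x00" * 16)
    return (b"%PDF-1.4\n1 0 obj\n<< /S /J#61vaScript /JS (constructed) >>\nendobj\n"
            b"2 0 obj\n<< /Type /Filespec /F (invoice.EXE) /EF << /F 3 0 R >> >>\nendobj\n"
            b"3 0 obj\n<< /Type /EmbeddedFile /Filter /FlateDecode >>\nstream\n"
            + payload + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    print(sorted(scan_pdf(constructed_sample())))
```

Names stored inside compressed object streams are not inspected here, and an `ole-container` finding only says a legacy Office file is attached; confirming macros requires parsing that container.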