Re: [Assp-test] updated ASSP_AFC Plugin

Fri, 19 May 2017 06:50:16 -0700 

Thanks for this!!!

On Thu, May 18, 2017 at 10:22 AM, Thomas Eckardt <thomas.ecka...@thockar.com
> wrote:

> Hi all,
>
> I've just published ASSP_AFC.pm version 4.48 at SF-CVS.
>
> This version contains an extension to detect embedded executable code in
> real PDF files, if 'exe-bin' files are not allowed in the assp
> configuration.
>
> Currently detected are:
>
> - java script - most times this is requred by the virus to open and run
> any other embedded code
> - ms office macros
> - exe and com files
> - wsh files
>
> This extension is hard coded. There is no way to make an exception to
> (e.g)  :PDF  -  like for :ELF, :CSC  :MSOM ......  - because such files are
> every time malicious!
>
> Currently it seems, that another ransomware attack is starting in
> preparation for the weekend! Distributed are such real PDF files per email!
> I don't think that there will be a stupid 'killswitch' in the new viruses
> to save the world.
>
> I just saw that ClamAV (sanesecurity signatures) detected most of them -
> they all are classified as UNOFFICIAL !!!!.
>
> Thomas
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Reply via email to