On 14.09.2016 at 17:08, Alex wrote:
What's being done about blocking attacks from the new crylocker and
the various types of cryptolocker?

https://fightransomware.com/ransomware-articles/crylocker-ransomware-compiles-victims-data-fake-image-file-uploads-imgur/?linkId=28721757

Are there specific patterns that have been designed to block these
attempts with the default daily rules, or is it third-party rules, or
otherwise?

all that crap needs to make it somehow to the victim's machine
http://sanesecurity.com/foxhole-databases/

use all of them and score any attachment with macros high combined with bayes training if you can't reject it at all with a milter instance

[root@mail-gw:/etc/clamd.d]$ cat scan.conf | grep -i ole
ScanOLE2 yes
OLE2BlockMacros no

[root@mail-gw:/etc/clamd.d]$ cat scan-sa.conf | grep -i ole
ScanOLE2 yes
OLE2BlockMacros yes
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
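
An added example, not part of the original message: a Python check that two clamd configs keep the split the reply describes, assuming from the file names that `scan.conf` serves the milter (reject) instance and `scan-sa.conf` the instance used for SpamAssassin scoring. The function names and inline config text are constructed for illustration; `AlertOLE2Macros` is the name newer ClamAV releases use for `OLE2BlockMacros`, and the defaults assumed are `ScanOLE2 yes` and macro flagging off.

```python
TRUE = {"yes", "true", "1"}
# OLE2BlockMacros is the option name on this page; AlertOLE2Macros is the
# name newer ClamAV releases use for the same switch.
MACRO_OPTS = ("OLE2BlockMacros", "AlertOLE2Macros")

def parse_clamd_conf(text):
    """Return {option: value}; blank lines and '#' comment lines are skipped."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def macro_policy(text):
    """Classify one instance: 'flag-macros', 'signatures-only' or 'ineffective'."""
    opts = parse_clamd_conf(text)
    on = lambda key, default: opts.get(key, default).lower() in TRUE
    flags_macros = any(on(k, "no") for k in MACRO_OPTS)
    if flags_macros and not on("ScanOLE2", "yes"):
        # Assumption: macros are found while unpacking OLE2 containers, so the
        # macro option cannot fire when OLE2 scanning is switched off.
        return "ineffective"
    return "flag-macros" if flags_macros else "signatures-only"

def check_split(milter_conf, scoring_conf):
    """Return a list of findings; an empty list means the split is as described."""
    findings = []
    if macro_policy(milter_conf) == "flag-macros":
        findings.append("milter instance would reject every macro document")
    if macro_policy(scoring_conf) != "flag-macros":
        findings.append("scoring instance does not flag macro documents")
    return findings

# Constructed inputs mirroring the two grep outputs in the message.
SCAN_CONF = "# milter instance (assumed role)\nScanOLE2 yes\nOLE2BlockMacros no\n"
SCAN_SA_CONF = "# scoring instance (assumed role)\nScanOLE2 yes\nOLE2BlockMacros yes\n"

if __name__ == "__main__":
    print(check_split(SCAN_CONF, SCAN_SA_CONF) or "split matches the message")
```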
