On 16.02.2017 at 20:55, Markus Egg wrote:
> The attached file was in an email as attachment as "bill":
> 319598.js
> sha1sum
> b32a6dfdef2444de1695cb96e6a674c2f7cda74b 319598.js
> sha256sum 319598.js
> 50df856fa3291473face6db59dcc655476e0618e457cdfa2832d0d72f61008e7 319598.js
Just block them in general, as Gmail will do in the near future:
[sa-milt@mail-gw:~]$ cat /var/lib/clamav/thelounge_blocked_extensions.cdb | grep js
thelounge.blocked.extension.js:CL_TYPE_MAIL:*:(?i)\.js$:*:*:*:*:*:*
http://sanesecurity.com/foxhole-databases/
foxhole_js.cdb (medium false positive risk)
This database will block most JavaScript (.js) files within Zip, Rar
archives. The current #locky #javascript #malware is using rapidly
changing JavaScript files and this database is aimed at blocking these.
To help minimise false positives, this database will only scan small
sized Zip and Rar files.
foxhole_js.ndb (medium false positive risk)
This database will block ALL JavaScript (.js) files within GZip and Ace
archives.
The current #locky #javascript #malware is using rapidly changing
JavaScript files and this database is aimed at blocking these.
_______________________________________________
clamav-users mailing list
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
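
An added example (not part of the original message, and not ClamAV's own code) that parses the `.cdb` rule quoted above and checks which constructed attachment names it would block. It assumes ClamAV's documented 10-field container-metadata layout and uses Python's `re` as a stand-in for ClamAV's regex engine; `parse_cdb`, `check` and the sample names are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Field order of a ClamAV container-metadata (.cdb) signature, per ClamAV's
# signature documentation; optional MinFL/MaxFL fields may follow.
CDB_FIELDS = ("name", "container_type", "container_size", "filename_regex",
              "size_in_container", "size_real", "is_encrypted", "file_pos",
              "res1", "res2")

# The rule shown in the message above.
RULE = r"thelounge.blocked.extension.js:CL_TYPE_MAIL:*:(?i)\.js$:*:*:*:*:*:*"


class CdbRule(NamedTuple):
    name: str
    container_type: str
    filename: "re.Pattern"


def parse_cdb(line: str) -> CdbRule:
    """Split one .cdb line; assumes the regex field contains no ':'."""
    parts = line.strip().split(":")
    if not len(CDB_FIELDS) <= len(parts) <= len(CDB_FIELDS) + 2:
        raise ValueError(f"expected 10-12 fields, got {len(parts)}")
    f = dict(zip(CDB_FIELDS, parts))
    # Assumption: Python's re stands in for ClamAV's own regex engine.
    return CdbRule(f["name"], f["container_type"], re.compile(f["filename_regex"]))


def check(rule: CdbRule, container_type: str, member: str) -> Optional[str]:
    """Return the signature name if the rule would fire, else None."""
    if rule.container_type not in ("*", container_type):
        return None
    return rule.name if rule.filename.search(member) else None


# Constructed samples: (immediate container type, file name inside it).
SAMPLES = [
    ("CL_TYPE_MAIL", "319598.js"),    # the attachment from the report
    ("CL_TYPE_MAIL", "INVOICE.JS"),   # (?i) makes the match case-insensitive
    ("CL_TYPE_MAIL", "report.json"),  # "$" anchor: .json is not blocked
    ("CL_TYPE_ZIP", "319598.js"),     # inside a Zip: container is not MAIL
]

if __name__ == "__main__":
    rule = parse_cdb(RULE)
    for ctype, member in SAMPLES:
        print(f"{ctype:13} {member:12} -> {check(rule, ctype, member)}")
```

In this model the last sample does not fire, because a `.js` inside a Zip attachment has the archive, not the mail, as its container; that case is what the foxhole databases quoted above are aimed at.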