For "WannaCry", look for ClamAV signatures: Win.Ransomware.WannaCry-*
Alain On Sat, May 13, 2017 at 1:24 PM, Alain Zidouemba <[email protected]> wrote: > Yara rules have been supported by ClamAV since 2015: > http://blog.clamav.net/2015/06/clamav-099b-meets-yara.html > > - Alain > > On Sat, May 13, 2017 at 1:16 PM, Alex <[email protected]> wrote: > >> Hi, >> >> So you've probably heard of the latest ransomware dubbed WannaCry. I'm >> wondering if anyone has figured out a way to integrate the yara >> signatures for these types of exploits with spamassassin? >> >> https://www.us-cert.gov/ncas/alerts/TA17-132A >> >> What is the status of development of integration of yara rules into >> clamav? >> >> I submitted two more password encrypted word macro viruses as >> false-positives to the clamav team several days ago, and they still >> aren't being marked properly. I need another way to more quickly >> identify vulnerabilities and exploits. >> >> Thanks, >> Alex >> _______________________________________________ >> clamav-users mailing list >> [email protected] >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml >> > > _______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
