ClamAV isn't only used for mail. Clamwin and Immunet client will catch this.
-- Sent from my iPhone > On May 14, 2017, at 12:42, G.W. Haywood <[email protected]> wrote: > > Hi there, > >> On Sun, 14 May 2017, Alex wrote: >> >> Are clamav users protected from this ransomware? > > To be clear about this, the current excitement is caused by a 'worm'. > That means if vulnerable, network-connected systems are not protected > from each other, for example by a firewall, the worm can propagate > itself between the systems with no user action whatever. All that is > required is that the systems be running and connected to the network. > This is why it has managed to affect over 200,000 systems in over 100 > countries in just a few hours. > > It has nothing to do with mail. Clamav is irrelevant because there is > nothing for ClamAV to scan, at least until it is too late. So ClamAV > scanning mail cannot protect against this threat, and was not designed > to do so. > >> Are there possible variants not yet detected? > > Yes. And they'll keep coming. > >> Is there anything further we need to do to protect ourselves, as it >> relates to scanning mail at the gateway? > > To repeat, this has nothing to do with mail. The issue is a buffer > overflow caused by faulty coding present in Microsoft Windows products > for almost as long as anyone can remember. All you can do is fix the > vulnerable machines, or firewall them, or perhaps stop using them on a > network. Windows 7, 10 and later boxes with automatic updates enabled > should have picked up a fix in mid-March. As of yesterday a patch is > available for other OS versions which are otherwise unsupported by > Microsoft. I've just spent most of the weekend patching customers' > 2003 Server and XP machines. Search the Microsoft Update Catalog for > KB4012598. The download page has 13 assorted files for various > flavours of XP, Vista, 8, Server 2003 and Server 2008 - or at least it > did yesterday. When I grabbed the files the download servers were > showing signs of stress, as you might expect, but they were at least > holding up. > >> They're talking about more attacks coming on Monday? > > Forget Monday, they're here already. > > Comments on a postcard, please, to the NSA. For example you might > like to remind them what the 'S' in those initials stands for, as they > surely seem to have forgotten. And I think Donald fired the head of > the wrong agency. Oh, hang on, that's a bit political for this list. :) > > -- > > 73, > Ged. > _______________________________________________ > clamav-users mailing list > [email protected] > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
