I'm already running ClamAV and I block on file extensions. Is there any way to recognize executables by content and block them? I just saw this article on a coming attack vector through Windows Subsystem for Linux (WSL) in which the payload is an ELF binary that then downloads and spawns a Windows binary.

<https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/>

The hard part would be defining "executable" but that could be extensible.


_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

MIMEDefang mailing list [email protected]
https://lists.mimedefang.org/mailman/listinfo/mimedefang_lists.mimedefang.org
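Recognising executables by content rather than by extension means checking the file header (magic bytes) of each decoded MIME part. The following is an added Python example, not MIMEDefang's own code (MIMEDefang filters are written in Perl, and this is a standalone illustration of the check, not a drop-in filter). It classifies ELF, PE/MZ, Mach-O and shebang scripts from their leading bytes, then walks a constructed multipart message whose attachment names and contents (a minimal ELF header named `update.txt`, a minimal MZ/PE stub named `invoice.pdf`, and a genuine-looking PDF) are made up here for the demonstration.

```python
import email
import struct
from email import policy
from email.message import EmailMessage

# Magic numbers of the executable formats we want to catch regardless of filename.
ELF_MAGIC = b"\x7fELF"
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf",  # 32/64-bit Mach-O, big-endian
    b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe",  # 32/64-bit Mach-O, little-endian
    b"\xca\xfe\xba\xbe",                       # Mach-O fat binary (also Java .class; both worth blocking)
}


def classify_executable(data: bytes):
    """Return a label for a recognised executable format, or None for anything else."""
    if data.startswith(ELF_MAGIC):
        return "elf"
    if data[:2] == b"MZ":
        # A DOS/Windows image: e_lfanew at offset 0x3c points at the "PE\0\0" signature.
        if len(data) >= 0x40:
            (e_lfanew,) = struct.unpack_from("<I", data, 0x3c)
            if e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
                return "pe"
        return "mz"  # plain DOS stub, NE/LE image or truncated PE: still executable content
    if data[:4] in MACHO_MAGICS:
        return "macho"
    if data.startswith(b"#!"):
        return "script"
    return None


def find_executable_parts(raw_message: bytes):
    """Walk a raw RFC 5322 message and report every leaf part whose decoded content is executable."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True)  # undoes base64/quoted-printable
        if not payload:
            continue
        kind = classify_executable(payload)
        if kind:
            hits.append((part.get_filename() or "(no name)", part.get_content_type(), kind))
    return hits


def build_sample_message() -> bytes:
    """Constructed test message: two disguised executables and one benign attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("text body")

    # Constructed ELF header (class 64-bit, little-endian, ET_EXEC, x86-64); not a runnable program.
    elf = b"\x7fELF" + b"\x02\x01\x01" + b"\x00" * 9 + b"\x02\x00\x3e\x00"
    msg.add_attachment(elf, maintype="application", subtype="octet-stream", filename="update.txt")

    # Constructed MZ header whose e_lfanew points at a PE signature right after the DOS header.
    pe = bytearray(b"MZ" + b"\x00" * 0x3e)
    struct.pack_into("<I", pe, 0x3c, 0x40)
    pe += b"PE\0\0" + b"\x64\x86"  # PE signature, then IMAGE_FILE_MACHINE_AMD64
    msg.add_attachment(bytes(pe), maintype="application", subtype="octet-stream", filename="invoice.pdf")

    # Benign attachment: correct PDF magic, so it must not be flagged.
    msg.add_attachment(b"%PDF-1.4\n%constructed\n", maintype="application", subtype="pdf", filename="real.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, ctype, kind in find_executable_parts(build_sample_message()):
        print(f"block: {name} ({ctype}) looks like {kind}")
```

Only the decoded bytes are consulted, so the `.txt` and `.pdf` names do not help the attachments through; the PDF with a real header passes. Archive members would need the same check applied after extraction, which this example does not do.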
