Re: [Assp-user] get more protection from ransomeware

2016-09-27 Thread admin-at-extremeshok-dot-com
I'm the maintainer, if you have any suggestions or enhancements for the script, please open an issue on the github project page https://github.com/extremeshok/clamav-unofficial-sigs __.https://eXtremeSHOK.com .__ On 27-Sep-

Re: [Assp-user] get more protection from ransomeware

2016-09-27 Thread K Post
Never mind on my question on the SaneSecurity.Foxhole prefix. The example signature names at http://sanesecurity.com/foxhole-databases/ explain it a bit, though I don't understand how it works. No matter. -- _

Re: [Assp-user] get more protection from ransomeware

2016-09-27 Thread K Post
On Winodws, we use ClamWin/ClamAV Sigupdate 0.8 beta from http://sanesecurity.com/usage/windows-scripts/ It works perfectly for those sigs from Sane. On Tue, Sep 27, 2016 at 11:38 AM, Michael Seward wrote: > We use this script to download and use multiple ClamAV definitions: > > https://github

Re: [Assp-user] get more protection from ransomeware

2016-09-27 Thread K Post
I'm ashamed that I missed the .js / .exe at the end of the regex. Makes total sense now!! And absolutely, I'm in favor of multiple layers of scanning / protection. ClamAV, AFC, Exchange scanning, server scanning, and multiple levels of workstation scanning still isn't enough! Is there a reason

Re: [Assp-user] get more protection from ransomeware

2016-09-27 Thread Michael Seward
We use this script to download and use multiple ClamAV definitions: https://github.com/extremeshok/clamav-unofficial-sigs -Original Message- From: K Post [mailto:nntp.p...@gmail.com] Sent: 27 September 2016 15:51 To: For Users of ASSP Subject: Re: [Assp-user] get more protection from ra

Re: [Assp-user] get more protection from ransomeware

2016-09-27 Thread Thomas Eckardt
>Doesn't ASSP_AFC take care of this? Yes, but not all are using this plugin. AND - no code is perfect - take care and double check! Was your company ever attacked by ransomeware - possibly a zero day one? Did you ever restored some terrabyte of server data or several hundreds of PC's. Even 'a h

Re: [Assp-user] get more protection from ransomeware

2016-09-27 Thread K Post
I concur with this great tip. I've been using foxhole js and file for a while now with great success. I'm afraid of foxhole_all.cdb, as they say there's a high likelihood of false positives. Has that not been your experience? I don't quite understand the point of your own signatures. Doesn't AS

[Assp-user] get more protection from ransomeware

2016-09-27 Thread Thomas Eckardt
Hi all, who ever uses ClamAV with assp should have a look in to the sanesecurity signatures. http://www.sanesecurity.co.uk/databases.htm who ever still uses this signatures should have a look in to the ClamSup.ini file. There are several lines exluded from the download - what I mean are: # #