Hi,
I didn't know if I was supposed to use the "Bug Reporting" system, as this
really is reporting an issue with how the software operates "as designed".
Currently, ClamAV will indicate whether an infected file was found - THAT
condition is non-ambiguous.
However, when ClamAV reports:
On 14.09.2016 at 17:47, Alex wrote:
The problem with setting OLE2BlockMacros to yes is that if you don't
implement your own signatures against macro code, setting
OLE2BlockMacros Yes effectively causes Heuristics.OLE2.ContainsMacros
to be returned and disables all official and unofficial
On 14 September 2016 18:20:17 Alex wrote:
I also don't always get the feedback from the users on the
specific Word documents that were missed, only that their desktop was
compromised.
Without having a sample it's a bit difficult but
if you do get a sample that
Hi,
>> Yes, I'm using all the third-party sigs, including sanesecurity, but
>> they are still getting through.
>>
> Hi Alex,
>
> What types are getting through JavaScript or docs etc.
JavaScript (.js files) is rejected outright.
I don't have any examples, particularly of the cryptolocker type,
On Wed, September 14, 2016 5:51 pm, Philip Parsons wrote:
> I am also still having a bunch get through. .doc .zip .docm most of the
> java script ones are not making in it.
Hi Philip,
If you zip up a few samples with a password:
samp...@sanesecurity.me.uk
--
Cheers,
Steve
Twitter:
I am also still having a bunch get through. .doc .zip .docm most of the java
script ones are not making in it.
-Original Message-
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of
Steve basford
Sent: September 14, 2016 9:43 AM
To: ClamAV users ML
On 14 September 2016 16:48:45 Alex wrote:
Yes, I'm using all the third-party sigs, including sanesecurity, but
they are still getting through.
Hi Alex,
What types are getting through JavaScript or docs etc.
What dbs are you using ?
Can you send some missed
>Does anyone think it's reasonable/acceptable to block all macros in
>any sizable organization?
Yes.
We are 2-4 million messages/day, dunno if that is "sizable" to you.
Hi,
>> What's being done about blocking attacks from the new crylocker and
>> the various types of cryptolocker?
> all that crap needs to make it somehow to the victim's machine
> http://sanesecurity.com/foxhole-databases/
Yes, I'm using all the third-party sigs, including sanesecurity, but
On 14.09.2016 at 17:08, Alex wrote:
What's being done about blocking attacks from the new crylocker and
the various types of cryptolocker?
https://fightransomware.com/ransomware-articles/crylocker-ransomware-compiles-victims-data-fake-image-file-uploads-imgur/?linkId=28721757
Are there
Hi all,
What's being done about blocking attacks from the new crylocker and
the various types of cryptolocker?
https://fightransomware.com/ransomware-articles/crylocker-ransomware-compiles-victims-data-fake-image-file-uploads-imgur/?linkId=28721757
Are there specific patterns that have been