[clamav-users] Suggestion: Need option to "Block Skipped Files" and Scan Summary to indicate "Skipped files"

2016-09-14 Thread 'Andy Schmidt'
Hi, I didn't know if I was supposed to use the "Bug Reporting" system, as this really is reporting an issue with how the software operates "as designed". Currently, ClamAV will indicate whether an infected file was found - THAT condition is non-ambiguous. However, when ClamAV reports:

Re: [clamav-users] CryLocker and Cryptolocker

2016-09-14 Thread Reindl Harald
On 14.09.2016 at 17:47, Alex wrote: The problem with setting OLE2BlockMacros to yes is that if you don't implement your own signatures against macro code, setting OLE2BlockMacros Yes effectively causes Heuristics.OLE2.ContainsMacros to be returned and disables all official and unofficial

Re: [clamav-users] CryLocker and Cryptolocker

2016-09-14 Thread Steve basford
On 14 September 2016 18:20:17 Alex wrote: I also don't always get the feedback from the >users on the specific Word documents that were missed, >only that their desktop was compromised. Without having a sample it's a bit difficult but if you do get a sample that

Re: [clamav-users] CryLocker and Cryptolocker

2016-09-14 Thread Alex
Hi, >> Yes, I'm using all the third-party sigs, including sanesecurity, but >> they are still getting through. >> > Hi Alex, > > What types are getting through JavaScript or docs etc. JavaScript (.js files) is rejected outright. I don't have any examples, particularly of the cryptolocker type,

Re: [clamav-users] CryLocker and Cryptolocker

2016-09-14 Thread Steve Basford
On Wed, September 14, 2016 5:51 pm, Philip Parsons wrote: > I am also still having a bunch get through. .doc .zip .docm most of the > java script ones are not making it in. Hi Philip, If you zip up a few samples with a password: samp...@sanesecurity.me.uk -- Cheers, Steve Twitter:

Re: [clamav-users] CryLocker and Cryptolocker

2016-09-14 Thread Philip Parsons
I am also still having a bunch get through. .doc .zip .docm most of the java script ones are not making it in.

Re: [clamav-users] CryLocker and Cryptolocker

2016-09-14 Thread Steve basford
On 14 September 2016 16:48:45 Alex wrote: Yes, I'm using all the third-party sigs, including sanesecurity, but they are still getting through. Hi Alex, What types are getting through JavaScript or docs etc. What dbs are you using ? Can you send some missed

Re: [clamav-users] CryLocker and Cryptolocker

2016-09-14 Thread Vincent Fox
>Does anyone think it's reasonable/acceptable to block all macros in >any sizable organization? Yes. We are 2-4 million messages/day, dunno if that is "sizable" to you.

Re: [clamav-users] CryLocker and Cryptolocker

2016-09-14 Thread Alex
Hi, >> What's being done about blocking attacks from the new crylocker and >> the various types of cryptolocker? > all that crap needs to make it somehow to the victims machine > http://sanesecurity.com/foxhole-databases/ Yes, I'm using all the third-party sigs, including sanesecurity, but

Re: [clamav-users] CryLocker and Cryptolocker

2016-09-14 Thread Reindl Harald
On 14.09.2016 at 17:08, Alex wrote: What's being done about blocking attacks from the new crylocker and the various types of cryptolocker? https://fightransomware.com/ransomware-articles/crylocker-ransomware-compiles-victims-data-fake-image-file-uploads-imgur/?linkId=28721757 Are there

[clamav-users] CryLocker and Cryptolocker

2016-09-14 Thread Alex
Hi all, What's being done about blocking attacks from the new crylocker and the various types of cryptolocker? https://fightransomware.com/ransomware-articles/crylocker-ransomware-compiles-victims-data-fake-image-file-uploads-imgur/?linkId=28721757 Are there specific patterns that have been