[clamav-users] Clamav and "ransomware"
Alex
mysqlstudent at gmail.com
Wed Jun 11 20:19:56 UTC 2014
Hi all,
I'm using clamav-0.98.3 with fedora20 and amavisd-new-2.8.1. I have a few
questions relating to so-called ransomware (cryptolocker and the like).
Is there a specific category of patterns that are related to catching this
class of attacks in email? Are they generally just phishing URLs?
I'm also using the safebrowsing, sanesecurity, and securiteinfo patterns.
I'm using clamav with spamassassin and amavisd. I have a few hundred
whitelist entries, and I'm concerned that some of those accounts may have
been compromised, and have become the source of these attacks. Is it
possible to whitelist (whitelist_from_rcvd) yet still scan them for
viruses/malware? In other words, not make any decisions on whether it's
spam, but if a virus/malware is found, quarantine it?
Thanks,
Alex
More information about the clamav-users
mailing list