[clamav-users] Locky Dridex plan
Joel Esler (jesler)
jesler at cisco.com
Sat Mar 26 01:24:36 UTC 2016
We've completely rewritten the submission process as a result of feedback from the list. It should be functioning fine now.
As far as a "plan" for addressing Dridex, we have a lot of things in the works now that we have a completely new signature system, giving us capabilities that we did not have before. But we'll need to take a couple steps, IMO, to tidy up the community first.
One step needs to be to EOL 0.97.x releases (as we should have done when we released 0.99, as per our EOL plan), as those older versions don't accept certain types of signatures.
--
Joel Esler
Manager, Talos Group
Sent from my iPad
On Mar 25, 2016, at 9:08 PM, Gene Heskett <gheskett at wdtv.com> wrote:
On Friday 25 March 2016 17:12:06 Groach wrote:
ClamAV signatures have never caught a dridex variant for me (and they
have been around a long time). You need to head over to Sane
Security and start using their definitions - they have perfect
Zero-hour detections for Dridex (and other Macroware viruses). You
won't be disappointed any more.
I've tried to submit some of those too, but the submission page does NOT
like me, so it never lets me get past square one. I have fussed once,
maybe twice on this list but no msg indicates that has been fixed so I
gave up.
Is it fixed to accept new stuff now?
On 25/03/2016 22:06, C.D. Cochrane wrote:
Hi,
I receive a Locky-ransomware variant almost every day as an email
attachment. So far ClamAV has failed to detect it. Each file has
had a unique signature. Does ClamAV have a detection plan and/or
work in progress that will start to detect future variants of this?
thanks,
Chris
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>