[clamav-users] CryLocker and Cryptolocker

Reindl Harald h.reindl at thelounge.net
Wed Sep 14 11:23:49 EDT 2016



On 14.09.2016 at 17:08, Alex wrote:
> What's being done about blocking attacks from the new crylocker and
> the various types of cryptolocker?
>
> https://fightransomware.com/ransomware-articles/crylocker-ransomware-compiles-victims-data-fake-image-file-uploads-imgur/?linkId=28721757
>
> Are there specific patterns that have been designed to block these
> attempts with the default daily rules, or is it third-party rules, or
> otherwise?

all that crap needs to make it somehow to the victim's machine
http://sanesecurity.com/foxhole-databases/

use all of them and score any attachment with macros high combined with 
bayes training if you can't reject it at all with a milter instance

[root@mail-gw:/etc/clamd.d]$ cat scan.conf | grep -i ole
ScanOLE2 yes
OLE2BlockMacros no

[root@mail-gw:/etc/clamd.d]$ cat scan-sa.conf | grep -i ole
ScanOLE2 yes
OLE2BlockMacros yes
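
Added example, not part of the original message: a small Python check that two clamd instances keep the split shown above, with macros left unflagged in one and flagged in the other. It assumes scan.conf feeds the rejecting milter and scan-sa.conf feeds the scoring side; the function names and the inline sample configs are constructed for illustration.

```python
# Constructed samples mirroring the two grep outputs in the message.
MILTER_CONF = """\
# scan.conf: assumed to be the instance behind the rejecting milter
ScanOLE2 yes
OLE2BlockMacros no
"""
SA_CONF = """\
# scan-sa.conf: assumed to be the instance whose hits are scored
ScanOLE2 yes
OLE2BlockMacros yes
"""

# clamd defaults when an option is absent: ScanOLE2 yes, OLE2BlockMacros no.
DEFAULTS = {"scanole2": True, "ole2blockmacros": False}
BOOL_WORDS = {"yes": True, "true": True, "1": True,
              "no": False, "false": False, "0": False}

def parse_ole2_options(text):
    """Read the two OLE2 options from clamd-style 'Name value' lines."""
    opts = dict(DEFAULTS)
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)   # drop comments
        # Names are matched case-insensitively, like `grep -i` in the message.
        if len(parts) != 2 or parts[0].lower() not in opts:
            continue
        word = parts[1].strip().lower()
        if word not in BOOL_WORDS:
            raise ValueError("not a boolean: " + raw.strip())
        opts[parts[0].lower()] = BOOL_WORDS[word]
    return opts

def macro_policy(text):
    """Classify what the instance does with an OLE2 file carrying macros."""
    opts = parse_ole2_options(text)
    if not opts["scanole2"]:
        return "ole2-not-scanned"       # OLE2BlockMacros has no effect then
    return "macros-flagged" if opts["ole2blockmacros"] else "signatures-only"

def check_split(milter_text, scoring_text):
    """Return problems with the reject/score split; empty list means OK."""
    problems = []
    if macro_policy(milter_text) == "macros-flagged":
        problems.append("milter instance would reject on macros alone")
    if macro_policy(scoring_text) != "macros-flagged":
        problems.append("scoring instance never reports macros")
    return problems

if __name__ == "__main__":
    print(check_split(MILTER_CONF, SA_CONF) or "split matches the message")
```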


