[clamav-users] CryLocker and Cryptolocker

Reindl Harald h.reindl at thelounge.net
Wed Sep 14 11:23:49 EDT 2016

On 14.09.2016 at 17:08, Alex wrote:
> What's being done about blocking attacks from the new crylocker and
> the various types of cryptolocker?
> https://fightransomware.com/ransomware-articles/crylocker-ransomware-compiles-victims-data-fake-image-file-uploads-imgur/?linkId=28721757
> Are there specific patterns that have been designed to block these
> attempts with the default daily rules, or is it third-party rules, or
> otherwise?

all that crap needs to make it somehow to the victim's machine

use all of them and score any attachment with macros high combined with 
bayes training if you can't reject it at all with a milter instance

[root@mail-gw:/etc/clamd.d]$ cat scan.conf | grep -i ole
ScanOLE2 yes
OLE2BlockMacros no

[root@mail-gw:/etc/clamd.d]$ cat scan-sa.conf | grep -i ole
ScanOLE2 yes
OLE2BlockMacros yes
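
Added example, not part of the original message: a small audit of the two-instance setup shown above, checking that only the scoring instance flags macro documents. It assumes scan.conf feeds the rejecting milter and scan-sa.conf feeds the scoring path (inferred from the file names); the function names and sample strings are constructed for illustration.

```python
# Assumption: scan.conf = reject (milter) instance, scan-sa.conf = scoring instance.
# Defaults per clamd.conf(5): OLE2 scanning on, macro flagging off.
DEFAULTS = {"scanole2": True, "macros": False}
# OLE2BlockMacros was renamed AlertOLE2Macros in ClamAV 0.101; accept both.
# Names are matched case-insensitively here, mirroring the grep -i above.
OPTION_KEYS = {"scanole2": "scanole2", "ole2blockmacros": "macros",
               "alertole2macros": "macros"}
TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}

# Constructed samples reproducing the two grep outputs in the message.
SCAN_CONF = "ScanOLE2 yes\nOLE2BlockMacros no\n"
SCAN_SA_CONF = "ScanOLE2 yes\nOLE2BlockMacros yes\n"


def ole2_settings(conf_text):
    """Return the effective OLE2 options of one clamd config file."""
    settings = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or commented out
            continue
        parts = line.split()
        key = OPTION_KEYS.get(parts[0].lower())
        if key is None or len(parts) < 2:
            continue
        value = parts[1].lower()
        if value not in TRUE | FALSE:
            raise ValueError(f"bad boolean for {parts[0]}: {parts[1]!r}")
        settings[key] = value in TRUE
    return settings


def flags_macros(conf_text):
    """True if this instance would report macro-bearing OLE2 files.
    A macro flag with OLE2 scanning disabled is treated as ineffective."""
    s = ole2_settings(conf_text)
    return s["scanole2"] and s["macros"]


def audit(reject_conf, score_conf):
    """List deviations from the split shown in the message."""
    problems = []
    if flags_macros(reject_conf):
        problems.append("reject instance flags macros: all macro documents get rejected")
    if not flags_macros(score_conf):
        problems.append("scoring instance does not flag macros: nothing to score on")
    return problems


if __name__ == "__main__":
    print(audit(SCAN_CONF, SCAN_SA_CONF) or "OLE2 macro split is as intended")
```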
