[clamav-users] CryLocker and Cryptolocker

Alex mysqlstudent at gmail.com
Wed Sep 14 13:19:24 EDT 2016


Hi,

>> Yes, I'm using all the third-party sigs, including sanesecurity, but
>> they are still getting through.
>>
> Hi Alex,
>
> What types are getting through JavaScript or docs etc.

JavaScript (.js files) is rejected outright.

I don't have any examples, particularly of the cryptolocker type, but
it's what customers are complaining about. It's almost always Word
documents. I also don't always get the feedback from the users on the
specific Word documents that were missed, only that their desktop was
compromised.

I hate to have to completely block macros because a better solution
doesn't exist. One customer recently did an eval with another company
that used F-Secure, and it continually outperformed clamav with
blocking macro viruses that would otherwise have been missed. It made
us look really bad.

> What dbs are you using ?

Here is the full list:

badmacro.ndb
blurl.ndb
bofhland_cracked_URL.ndb
bofhland_malware_attach.hdb
bofhland_malware_URL.ndb
bofhland_phishing_URL.ndb
bytecode.cld
crdfam.clamav.hdb
daily.cld
foxhole_filename.cdb
foxhole_generic.cdb
foxhole_js.cdb
hackingteam.hsb
javascript.ndb
junk.ndb
jurlbla.ndb
jurlbl.ndb
lott.ndb
main.cvd
malwarehash.hsb
malwarepatrol.ndb
mirrors.dat
phish.ndb
phishtank.ndb
porcupine.hsb
porcupine.ndb
rogue.hdb
safebrowsing.cld
sanesecurity.ftm
scamnailer.ndb
scam.ndb
securiteinfoascii.hdb
securiteinfo.hdb
securiteinfohtml.hdb
securiteinfo.ign2
sigwhitelist.ign2
spamattach.hdb
spamimg.hdb
spam.ldb
spearl.ndb
spear.ndb
winnow.attachments.hdb
winnow_bad_cw.hdb
winnow.complex.patterns.ldb
winnow_extended_malware.hdb
winnow_extended_malware_links.ndb
winnow_malware.hdb
winnow_malware_links.ndb
winnow_phish_complete_url.ndb
winnow_spam_complete.ndb
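Since the thread turns on whether to block Office macros outright at the gateway, here is an added example of the check that would do that for OOXML attachments. It is not code from the clamav-users thread or from ClamAV, and it does not use any signature database: it opens the attachment as a zip container and looks for the VBA project part and the macro-enabled content types that a .docm/.xlsm/.pptm must declare, so renaming a .docm to .docx does not evade it. Legacy binary .doc (OLE2) files are not covered; the sample documents are constructed in memory and the part/content-type names are the public OOXML identifiers.

```python
"""Added example, not code from the clamav-users thread or from ClamAV:
a gateway-side check that flags OOXML Office attachments carrying VBA
macros, independent of file extension. Sample documents are constructed
in memory; no real samples are used."""
import io
import zipfile

# Content types Office assigns to macro-enabled OOXML parts (public
# identifiers from the OOXML/Office specifications).
MACRO_CONTENT_TYPES = (
    b"application/vnd.ms-word.document.macroEnabled.main+xml",
    b"application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    b"application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
    b"application/vnd.ms-office.vbaProject",
)


def ooxml_macro_indicators(data: bytes) -> dict:
    """Inspect an attachment and report macro indicators.

    Returns {"is_ooxml": False} for anything that is not a readable
    OOXML zip container. For OOXML, reports the VBA parts found by name
    and the macro-enabled content types declared in [Content_Types].xml.
    Word locates the VBA project via content types and relationships,
    so the content-type check is the more robust of the two.
    """
    if not data.startswith(b"PK\x03\x04"):
        return {"is_ooxml": False}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if "[Content_Types].xml" not in names:
                return {"is_ooxml": False}
            content_types = zf.read("[Content_Types].xml")
    except zipfile.BadZipFile:
        return {"is_ooxml": False}
    vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
    macro_types = [t.decode() for t in MACRO_CONTENT_TYPES if t in content_types]
    return {
        "is_ooxml": True,
        "vba_parts": vba_parts,
        "macro_content_types": macro_types,
    }


def has_macros(data: bytes) -> bool:
    """True when the attachment is OOXML and carries any macro indicator."""
    ind = ooxml_macro_indicators(data)
    return bool(ind.get("vba_parts") or ind.get("macro_content_types"))


def build_sample(macro: bool) -> bytes:
    """Constructed minimal OOXML container for testing (not a real Word file)."""
    main_type = ("application/vnd.ms-word.document.macroEnabled.main+xml" if macro
                 else "application/vnd.openxmlformats-officedocument."
                      "wordprocessingml.document.main+xml")
    overrides = ['<Override PartName="/word/document.xml" ContentType="%s"/>' % main_type]
    if macro:
        overrides.append('<Override PartName="/word/vbaProject.bin" '
                         'ContentType="application/vnd.ms-office.vbaProject"/>')
    content_types = ('<?xml version="1.0"?>'
                     '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                     + "".join(overrides) + "</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if macro:
            # Placeholder bytes standing in for the OLE2 stream a real VBA project uses.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder OLE stream")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("clean.docx", build_sample(False)),
                        ("invoice.docx (renamed .docm)", build_sample(True))):
        print(label, "->", "BLOCK" if has_macros(blob) else "allow",
              ooxml_macro_indicators(blob))
```

Run stand-alone it prints the verdict for a clean and a macro-bearing constructed document. Dropping this in front of the signature scan gives a policy decision ("this attachment carries VBA") that does not depend on a signature existing for the particular lure, which is the gap described above; whether to quarantine or merely tag is a policy choice per customer.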
