[clamav-users] Malware/ransomware and Yara signatures with clamav
Alain Zidouemba
azidouemba at sourcefire.com
Sun May 14 15:20:27 UTC 2017
To address WannaCry, look up signatures with the name:
Win.Ransomware.WannaCry-*
Re: email & WannaCry:
http://blog.talosintelligence.com/2017/05/wannacry.html?showComment=1494655249347#c771405865891887102
Re: anything further we need to do to protect ourselves:
"Organizations should ensure that devices running Windows are fully patched
and deployed in accordance with best practices. Additionally, organizations
should have SMB ports (139, 445) blocked from all externally accessible
hosts."
Please refer to this blog post for additional information about this
ransomware: http://blog.talosintelligence.com/2017/05/wannacry.html
Alain
On Sun, May 14, 2017 at 11:09 AM, Alex <mysqlstudent at gmail.com> wrote:
> Hi,
>
> On Sat, May 13, 2017 at 1:32 PM, Alain Zidouemba
> <azidouemba at sourcefire.com> wrote:
> > For "WannaCry", look for ClamAV signatures:
> > Win.Ransomware.WannaCry-*
>
> Are clamav users protected from this ransomware? Are there possible
> variants not yet detected? Is there anything further we need to do to
> protect ourselves, as it relates to scanning mail at the gateway?
>
> They're talking about more attacks coming on Monday?
>
> Thanks,
> Alex
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
More information about the clamav-users
mailing list