Discussion:
CryptoLock
Peter Nitschke
2015-03-18 02:38:53 UTC
Permalink
How does anyone deal with all the new cryptolock stuff?

Macros in docx files etc.
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Michele Schillaci
2015-03-18 06:55:08 UTC
Permalink
Sorry, i meant strictly permissions on attachments


Il 18/03/15 03:47 Peter Nitschke ha scritto:

How does anyone deal with all the new cryptolock stuff?

Macros in docx files etc.
--
MailScanner mailing list
***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://lists.mailscanner.info/mailman/listinfo/mailscanner

Support MailScanner development - buy the book off the website!
Michele Schillaci
2015-03-18 06:53:03 UTC
Permalink
No executables allowed.


Il 18/03/15 03:47 Peter Nitschke ha scritto:

How does anyone deal with all the new cryptolock stuff?

Macros in docx files etc.
--
MailScanner mailing list
***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://lists.mailscanner.info/mailman/listinfo/mailscanner

Support MailScanner development - buy the book off the website!
Steve Basford
2015-03-18 08:23:18 UTC
Permalink
Post by Peter Nitschke
How does anyone deal with all the new cryptolock stuff?
Macros in docx files etc.
If you are using ClamAV, install Sanesecurity sigs.

phish.ndb database contains cryptolock etc. macro blocks
rogue.hdb database contains current hourly zip/rar/7zip macro blocks

foxhole_generic.cdb database blocks some double extensions
foxhole_all.cdb databse blocks pretty much all dangerous items in archives.

More details on sanesecurity.com

Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Continue reading on narkive:
Loading...