CryptoLock
Steve Basford
steveb_clamav at sanesecurity.com
Wed Mar 18 08:23:18 GMT 2015
On Wed, March 18, 2015 2:38 am, Peter Nitschke wrote:
> How does anyone deal with all the new cryptolock stuff?
>
>
> Macros in docx files etc.
If you are using ClamAV, install Sanesecurity sigs.
phish.ndb database contains cryptolock etc. macro blocks
rogue.hdb database contains current hourly zip/rar/7zip macro blocks
foxhole_generic.cdb database blocks some double extensions
foxhole_all.cdb databse blocks pretty much all dangerous items in archives.
More details on sanesecurity.com
Cheers,
Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
More information about the MailScanner
mailing list