Re: [clamav-users] Protection from cryptowall/cryptolocker
Respected Sir/Madam,

Could you tell me step-wise how to install stable version 0.98.5 from source code in ubuntu???

---
Naresh

On Wed, Dec 24, 2014 at 12:38 AM, Steve Basford steveb_cla...@sanesecurity.com wrote:

> On Tue, December 23, 2014 6:35 pm, Alex Regan wrote:
>> I'd appreciate any further documents or other methods of protection that people are using to block these?
>
> ClamAV and Sanesecurity signatures will help block malware which is emailed in, which can then download exploit packs, some of which contain CryptoWall etc.
>
> Sanesecurity sigs are here:
> http://sanesecurity.com/foxhole-databases/
> http://sanesecurity.com/usage/signatures/
>
> Sanesecurity blog with current malware being seen...
> http://sanesecurity.blogspot.co.uk/
>
> You might also want to sort out windows users with group policy type stuff or something like this (Windows):
>
> CryptoPrevent:
> https://www.foolishit.com/vb6-projects/cryptoprevent/technical-information/
>
> These are worth looking at...
> http://labs.bitdefender.com/2014/12/bitdefender-offers-free-cryptowall-vaccine/
> http://www.surfright.nl/en/cryptoguard
>
> Cheers,
> Steve
> Web: Sanesecurity.com
> Blog: sanesecurity.blogspot.co.uk

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
[clamav-users] Protection from cryptowall/cryptolocker
Hi,

I'm using the latest clamav on fedora20 with amavisd and postfix to protect a few hundred users and recently learned one of them was infected with cryptowall 2.0.

I'm curious what the level of protection is for these viruses and what's being done to protect against them?

I've done quite a bit of searching online and really haven't been able to find much regarding these viruses and clamav.

I'd appreciate any further documents or other methods of protection that people are using to block these?

Thanks,
Alex
Re: [clamav-users] Protection from cryptowall/cryptolocker
On Tue, December 23, 2014 6:35 pm, Alex Regan wrote:
> I'd appreciate any further documents or other methods of protection that people are using to block these?

ClamAV and Sanesecurity signatures will help block malware which is emailed in, which can then download exploit packs, some of which contain CryptoWall etc.

Sanesecurity sigs are here:
http://sanesecurity.com/foxhole-databases/
http://sanesecurity.com/usage/signatures/

Sanesecurity blog with current malware being seen...
http://sanesecurity.blogspot.co.uk/

You might also want to sort out windows users with group policy type stuff or something like this (Windows):

CryptoPrevent:
https://www.foolishit.com/vb6-projects/cryptoprevent/technical-information/

These are worth looking at...
http://labs.bitdefender.com/2014/12/bitdefender-offers-free-cryptowall-vaccine/
http://www.surfright.nl/en/cryptoguard

Cheers,
Steve
Web: Sanesecurity.com
Blog: sanesecurity.blogspot.co.uk
[Copfilter] Copy of quarantined email - *** SPAM *** [6.0/6.0] Re: [Clamav-users] Protection from W32.Sality.U
BG Mahesh wrote:
> hi
>
> I am getting few emails which are passing thru clamav. Norton says the email is infected with W32.Sality.U
>
> Is there an update for clamav which can protect me from W32.Sality.U? I am using 0.88.7

Have you submitted a sample to www.clamav.net?

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Protection from W32.Sality.U
BG Mahesh wrote:
> hi
>
> I am getting few emails which are passing thru clamav. Norton says the email is infected with W32.Sality.U
>
> Is there an update for clamav which can protect me from W32.Sality.U? I am using 0.88.7

Have you submitted a sample to www.clamav.net?
[Clamav-users] Protection from W32.Sality.U
hi

I am getting few emails which are passing thru clamav. Norton says the email is infected with W32.Sality.U

Is there an update for clamav which can protect me from W32.Sality.U? I am using 0.88.7

--
B.G. Mahesh
http://www.greynium.com/
http://www.oneindia.in/
http://www.click.in/ - Free Indian Classifieds
[Clamav-users] protection
How can I make sure that my clamav protection is working correctly?

Thanks

___
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] protection
Mad Unix wrote:
> How can I make sure that my clamav protection is working correctly?

Use this site: http://www.webmail.us/testvirus to send the Eicar test virus signature to your server.

--
Steve
Re: [Clamav-users] protection
----- Original Message -----
From: Mad Unix [EMAIL PROTECTED]
To: clamav-users@lists.clamav.net
Sent: Tuesday, July 26, 2005 1:55 PM
Subject: [Clamav-users] protection

> How can I make sure that my clamav protection is working correctly?
>
> Thanks

use the following link http://www.webmail.us/testvirus
Re: [Clamav-users] protection
On Tue, 2005-07-26 at 15:55 +0400, Mad Unix wrote:
> How can I make sure that my clamav protection is working correctly?

http://www.webmail.us/testvirus

That sends 30 or so variations on the eicar virus to your mail system. There are two or three that should pass (I think it's 17 and 18, but it has been a while). If any others make it through, you've done something wrong.

--
Daniel J McDonald, CCIE # 2495, CNX, CISSP # 78281
Austin Energy
[EMAIL PROTECTED]
Re: [Clamav-users] protection
okay ... that's for the internet mail server, and what about an Intranet Mail server with local use only

Thanks

On 7/26/05, Daniel J McDonald [EMAIL PROTECTED] wrote:
> On Tue, 2005-07-26 at 15:55 +0400, Mad Unix wrote:
>> How can I make sure that my clamav protection is working correctly?
>
> http://www.webmail.us/testvirus
>
> That sends 30 or so variations on the eicar virus to your mail system. There are two or three that should pass (I think it's 17 and 18, but it has been a while). If any others make it through, you've done something wrong.
>
> --
> Daniel J McDonald, CCIE # 2495, CNX, CISSP # 78281
> Austin Energy
> [EMAIL PROTECTED]
Re: [Clamav-users] protection
On Tue, 2005-07-26 at 16:26 +0400, Mad Unix wrote:
> okay ... that's for the internet mail server, and what about an Intranet Mail server with local use only

go to eicar.org, grab http://eicar.org/download/eicar.com , and send that file to your mailserver.

> Thanks
>
> On 7/26/05, Daniel J McDonald [EMAIL PROTECTED] wrote:
>> On Tue, 2005-07-26 at 15:55 +0400, Mad Unix wrote:
>>> How can I make sure that my clamav protection is working correctly?
>>
>> http://www.webmail.us/testvirus
>>
>> That sends 30 or so variations on the eicar virus to your mail system. There are two or three that should pass (I think it's 17 and 18, but it has been a while). If any others make it through, you've done something wrong.

--
Daniel J McDonald, CCIE # 2495, CNX, CISSP # 78281
Austin Energy
[EMAIL PROTECTED]
RE: [Clamav-users] protection
-----Original Message-----
From: Mad Unix [mailto:[EMAIL PROTECTED]
Sent: 26 July 2005 13:26
To: ClamAV users ML
Subject: Re: [Clamav-users] protection

> okay ... that's for the internet mail server, and what about an Intranet Mail server with local use only

Simplest way would be just to use the testfile at http://www.eicar.org/ as an attachment.
RE: [Clamav-users] protection
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mad Unix
Sent: Tuesday, July 26, 2005 8:26 AM
To: ClamAV users ML
Subject: Re: [Clamav-users] protection

> okay ... that's for the internet mail server, and what about an Intranet Mail server with local use only

You can send the infected mail yourself. Send the EICAR test signature on the body of an email (just the eicar, no more text). Clamav should detect it and reject/discard/tempfail the email.

I'm not attaching the sig here, 'cause it would be rejected =P. Look at http://eicar.com/anti_virus_test_file.htm somewhere around the middle. It's the line that starts with X5O!...

-Samuel
Re: [Clamav-users] protection
On Tue, July 26, 2005 10:35, Bob Hutchinson wrote:
> On Tuesday 26 Jul 2005 13:03, Daniel J McDonald wrote:
>> On Tue, 2005-07-26 at 15:55 +0400, Mad Unix wrote:
>>> How can I make sure that my clamav protection is working correctly?
>>
>> http://www.webmail.us/testvirus
>>
>> That sends 30 or so variations on the eicar virus to your mail system. There are two or three that should pass (I think it's 17 and 18, but it has been a while). If any others make it through, you've done something wrong.
>
> Just tried this, using clamav v 0.86.2, daily cvd v 993
> It let test No 27 through, but nothing else

I just went to the site (Tuesday morning, 11:30am eastern) and there are tests 1-26, but NO 27 .. What is test 27 that it let through?

> While I was at it, I tested Kaspersky AV against the same tests and it let No 27 through too. GPL is doing just fine here :-)
>
> --
> Bob Hutchinson
> Midwales dot com

--
Ken Jones
Re: [Clamav-users] protection
On Tuesday 26 Jul 2005 16:43, Ken Jones wrote:
> On Tue, July 26, 2005 10:35, Bob Hutchinson wrote:
>> On Tuesday 26 Jul 2005 13:03, Daniel J McDonald wrote:
>>> On Tue, 2005-07-26 at 15:55 +0400, Mad Unix wrote:
>>>> How can I make sure that my clamav protection is working correctly?
>>>
>>> http://www.webmail.us/testvirus
>>>
>>> That sends 30 or so variations on the eicar virus to your mail system. There are two or three that should pass (I think it's 17 and 18, but it has been a while). If any others make it through, you've done something wrong.
>>
>> Just tried this, using clamav v 0.86.2, daily cvd v 993
>> It let test No 27 through, but nothing else
>
> I just went to the site (Tuesday morning, 11:30am eastern) and there are tests 1-26, but NO 27 .. What is test 27 that it let through?

hmmm how odd, they sent me 3 emails for each test I did, one for clamav and one for Kaspersky

Here is the body of the first one:

begin 600 eicar.com
<snip>removed this, my virus scanner stops it</snip>
end

This message was sent to you because you or someone you know is testing your mail server's virus scanner at: http://www.webmail.us/testvirus

This test message contains:

Test #27: Eicar virus within a ZIP file that has been manipulated to evade detection by some anti-virus software by changing the uncompressed size to zero within the ZIP file headers.

If your mail server's virus scanner did not detect this email, it allows some viruses through!

Please note: This test message uses the EICAR test virus, which is completely benign and contains no viral code. For more information see: http://www.eicar.org

This free test has been provided to you by Webmail.us.

>> While I was at it, I tested Kaspersky AV against the same tests and it let No 27 through too. GPL is doing just fine here :-)

--
Bob Hutchinson
Midwales dot com
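
Test #27, quoted in the message above, relies on a scanner trusting the uncompressed-size field in the ZIP headers. The following Python check is an added example, not code from the thread or from ClamAV: it ignores the declared size, inflates each entry under a cap, and reports entries whose headers disagree with the real length. The names `central_entries`, `audit_zip` and `build_sample` are hypothetical, and the sample archive is constructed here with a harmless text payload.

```python
import io
import struct
import zipfile
import zlib

def central_entries(data):
    """Yield (cd_pos, name, method, csize, usize, local_offset) per central-directory record."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    _, count, _, pos = struct.unpack_from("<4s6xHII", data, eocd)
    for _ in range(count):
        sig, method, csize, usize, nlen, xlen, clen, lho = struct.unpack_from(
            "<4s6xH8xIIHHH8xI", data, pos)
        if sig != b"PK\x01\x02":
            raise ValueError("bad central directory record")
        name = bytes(data[pos + 46:pos + 46 + nlen]).decode("cp437")
        yield pos, name, method, csize, usize, lho
        pos += 46 + nlen + xlen + clen

def audit_zip(data, cap=1 << 20):
    """List (name, central_size, local_size, actual_size) for entries whose declared sizes are wrong."""
    findings = []
    for _, name, method, csize, usize, lho in central_entries(data):
        sig, _, l_usize, nlen, xlen = struct.unpack_from("<4s14xIIHH", data, lho)
        if sig != b"PK\x03\x04" or method not in (0, 8):
            continue  # only stored/deflate entries with a valid local header are measured
        start = lho + 30 + nlen + xlen
        raw = bytes(data[start:start + csize])
        # Inflate for real instead of trusting the header; cap bounds memory (cap means "at least cap").
        actual = len(zlib.decompressobj(-15).decompress(raw, cap)) if method == 8 else len(raw)
        if actual != usize or actual != l_usize:
            findings.append((name, usize, l_usize, actual))
    return findings

def build_sample(zero_sizes):
    """Constructed sample: one harmless text file, optionally with both size fields zeroed."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("note.txt", b"harmless constructed payload\n" * 8)
    data = bytearray(buf.getvalue())
    if zero_sizes:
        for cd_pos, _, _, _, _, lho in list(central_entries(data)):
            struct.pack_into("<I", data, cd_pos + 24, 0)  # central uncompressed size
            struct.pack_into("<I", data, lho + 22, 0)     # local uncompressed size
    return bytes(data)

if __name__ == "__main__":
    print("clean archive:   ", audit_zip(build_sample(False)))
    print("zeroed size field:", audit_zip(build_sample(True)))
```

A non-empty result is a reason to treat the attachment as suspicious regardless of what the signature scan returned.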