Re: [clamav-users] Goldeneye ransomware

2016-12-09 Thread Matteo Dessalvi
Hi.
Thanks for the advice, but we are actually using Sanesecurity signatures. I was just put off by the fact that Badmacro.ndb is reported to have a medium false-positive risk, and so we have avoided it, but I guess I will make an attempt now.
Best regards,
Matteo
On 12/08/2016 09:55 PM, Steve

Re: [clamav-users] Goldeneye ransomware

2016-12-08 Thread Steve Basford
Hi... this is detected with Badmacro.ndb.
On 8 December 2016 16:54:26 Matteo Dessalvi wrote:
> I also ran a quick analysis on Malwr: https://malwr.com/analysis/Y2VhYWNjZTk3NWFhNGRhMDg5OWYwY2E5MzdjNDA2M2I/
> Best regards,
> Matteo

Re: [clamav-users] Goldeneye ransomware

2016-12-08 Thread Steve Basford
On 8 December 2016 20:39:49 Jack wrote:
> In addition to SaneSecurity, here is another third-party repo of sigs (updated often) that catches these docs:
They are available on the to use on the download script already I seem to remember. I've high fps with them and had

Re: [clamav-users] Goldeneye ransomware

2016-12-08 Thread Jack
In addition to SaneSecurity, here is another third-party repo of sigs (updated often) that catches these docs: https://github.com/wmetcalf/clam-punch/blob/master/miscreantpunch099.ldb Please feel free to reach out with

Re: [clamav-users] Goldeneye ransomware

2016-12-08 Thread Michael D. L.
ClamAV doesn't detect/protect against malware by default. You need to add third-party databases like http://sanesecurity.com/
Works really well for me.
Cheers.
On 12/08/2016 05:53 PM, Matteo Dessalvi wrote:
> Hi all. In the last couple of days our Human Resources have received a bunch of

[clamav-users] Goldeneye ransomware

2016-12-08 Thread Matteo Dessalvi
Hi all. In the last couple of days our Human Resources have received a bunch of emails with this kind of ransomware attached (as an Excel file) and ClamAV was unfortunately unable to stop it. Anybody stumbled upon it recently? If yes, did you create your own signature for it? I have just submitted