On 05/15/2017 01:04 PM, Mark Foley wrote:
> On Mon May 15 15:06:07 2017 "Eric Tykwinski" wrote:
>> Here's links to sample files, i.e. use at your own risk:
>> https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168
>>
>> Sincerely,
>>
>> Eric Tykwinski
>> TrueNet, Inc.
>> P: 610-429-8300
>>
lamav-users-boun...@lists.clamav.net] On Behalf
> Of Dennis Peterson
> Sent: Tuesday, May 16, 2017 12:25 PM
> To: ClamAV users ML
> Subject: Re: [clamav-users] Malware/ransomware and Yara signatures with
> clamav
>
> If not email what is the vector?
>
> dp
>
>>
If not email what is the vector?
dp
On 5/15/17 5:11 PM, Joel Esler (jesler) wrote:
> To be clear let me link to our blog post on the subject:
To be clear let me link to our blog post on the subject:
http://blog.talosintelligence.com/2017/05/wannacry.html
There has been No email vector seen in WannaCry to date. Almost everyone that
has claimed this, has retracted it. Please read the above blog post for all the
facts as we know them.
>
> > -----Original Message-----
> > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On
> Behalf
> > Of Mark Foley
> > Sent: Monday, May 15, 2017 2:58 PM
> > To: clamav-users@lists.clamav.net
> > Subject: Re: [clamav-users] Malware
M
> To: clamav-users@lists.clamav.net
> Subject: Re: [clamav-users] Malware/ransomware and Yara signatures with
> clamav
>
> On Sat May 13 13:25:07 2017 From: Alain Zidouemba
> wrote:
> >
> > Yara rules have been supported by ClamAV since 2015:
> > http://blog.clamav.net
Just as a side note, normal rules are catching the samples, so I don't know
if it would display both YARA and the others.
Here's what the samples show without YARA:
./CYBER1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830.EXE:
Win.Ransomware.WannaCry-6313053-0 FOUND
./CYBERed01ebfbc9
On Sat May 13 13:25:07 2017 From: Alain Zidouemba
wrote:
>
> Yara rules have been supported by ClamAV since 2015:
> http://blog.clamav.net/2015/06/clamav-099b-meets-yara.html
>
> - Alain
I'm following these instructions now. The instructions say, "just place your
YARA rule files into the ClamAV
On 14/05/17 17:42, G.W. Haywood wrote:
>> Are clamav users protected from this ransomware?
Partially. Everyone agrees:
* Check MS17-010 is applied on every Windows device you can - before
tomorrow!
I don't have access to samples, but ClamAV seems to be picking up some
of Wcry/WanaCrypt0r/WannaC
ClamAV isn't only used for mail. Clamwin and Immunet client will catch this.
--
Sent from my iPhone
> On May 14, 2017, at 12:42, G.W. Haywood wrote:
>
> Hi there,
>
>> On Sun, 14 May 2017, Alex wrote:
>>
>> Are clamav users protected from this ransomware?
>
> To be clear about this, the c
Hi there,
On Sun, 14 May 2017, Alex wrote:
Are clamav users protected from this ransomware?
To be clear about this, the current excitement is caused by a 'worm'.
That means if vulnerable, network-connected systems are not protected
from each other, for example by a firewall, the worm can prop
To address WannaCry, look up signatures with the name:
Win.Ransomware.WannaCry-*
Re: email & WannaCry:
http://blog.talosintelligence.com/2017/05/wannacry.html?showComment=1494655249347#c771405865891887102
Re: anything further we need to do to protect ourselves:
"Organizations should ensure that
Hi,
On Sat, May 13, 2017 at 1:32 PM, Alain Zidouemba
wrote:
> For "WannaCry", look for ClamAV signatures:
> Win.Ransomware.WannaCry-*
Are clamav users protected from this ransomware? Are there possible
variants not yet detected? Is there anything further we need to do to
protect ourselves, as it
We don't ship Yara rules. We continue to ship signatures in the ClamAV
signatures format
ClamAV includes Yara support so that end-users can choose to locally use
Yara rules like the ones you referenced.
Alain
On Sat, May 13, 2017 at 2:12 PM, Alex wrote:
> Hi,
>
> On Sat, May 13, 2017 at 1:24 P
Hi,
On Sat, May 13, 2017 at 1:24 PM, Alain Zidouemba
wrote:
> Yara rules have been supported by ClamAV since 2015:
> http://blog.clamav.net/2015/06/clamav-099b-meets-yara.html
Yes, I saw that, but maybe I'm misunderstanding the benefit of yara.
Are the signatures not updated/created in real-tim
For "WannaCry", look for ClamAV signatures:
Win.Ransomware.WannaCry-*
Alain
On Sat, May 13, 2017 at 1:24 PM, Alain Zidouemba
wrote:
> Yara rules have been supported by ClamAV since 2015:
> http://blog.clamav.net/2015/06/clamav-099b-meets-yara.html
>
> - Alain
>
> On Sat, May 13, 2017 at 1:16 PM
Yara rules have been supported by ClamAV since 2015:
http://blog.clamav.net/2015/06/clamav-099b-meets-yara.html
- Alain
On Sat, May 13, 2017 at 1:16 PM, Alex wrote:
> Hi,
>
> So you've probably heard of the latest ransomware dubbed WannaCry. I'm
> wondering if anyone has figured out a way to in
Hi,
So you've probably heard of the latest ransomware dubbed WannaCry. I'm
wondering if anyone has figured out a way to integrate the yara
signatures for these types of exploits with spamassassin?
https://www.us-cert.gov/ncas/alerts/TA17-132A
What is the status of development of integration of y