SA offers no protection whatsoever for CryptoWall or any other similar malware.
ClamAV is the tool for that if you want "free". SA is only a classifier. The
user's setup or that of the ISP using SA uses that classification to pigeonhole
spam. To the extent that CryptoWall comes in a message that looks like spam
there is some protection, depending on how SA is deployed with secondary tools.
SA itself merely classifies spam.
If the machine has been hit by something like CryptoWall getting anything off of
it is unlikely.
And ClamAV is better than nothing. Safe browsing is more pertinent. Dual AV
programs also help, but slow the machine down dramatically. Some of the newer
tools that use other levels of analysis from typical AV tools can also
materially help.
This is probably the wrong venue for this question.
{^_^} Joanne
On 2014-12-22 16:56, Alex Regan wrote:
Hi all,
I suspect at least one of my customers has been hit with CryptoWall 2.0, and
wondered if anyone had any experience with it, and understand the level of
protection the latest SA provides?
What can I look for either in the mail logs or actual email archives as an
indication of potential issues?
If you're infected, does it automatically mean your hard disk is encrypted and
otherwise useless, or does it affect a system to varying degrees?
Is this even more of a clamav issue? Do you have any knowledge about clamav
patterns?
Thanks,
Alex
