On Fri, 20 May 2016 09:31:48 +0300 Emin Akbulut <eminakbu...@gmail.com> wrote:
> What do you suggest to fight these spams?

ClamAV is basically useless.

We do it the hard way. We list the contents of attached archives (using "lsar") and have filename-extension rules that block .js inside .zip files. While this can lead to some FPs, which we handle with selective whitelisting, it's very effective at catching the latest crop of cryptolocker-style attacks.

Sorry for the non-easy answer. Doing it properly requires a non-trivial amount of coding.

Regards,

Dianne.
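A sketch of the archive-listing check described in the message above, as an added example that is not part of the original post or the poster's own code. It uses Python's standard `zipfile` module in place of `lsar`, so it handles only zip attachments; the per-sender whitelist, the nested-archive limits and the fail-closed handling of unreadable archives are assumptions, and every function name here is hypothetical.

```python
import io
import zipfile

BLOCKED_EXTENSIONS = {".js"}      # the rule named in the post
MAX_DEPTH = 3                     # assumed limit on nested archives
MAX_INNER_BYTES = 10 * 1024 * 1024  # assumed cap before unpacking an inner zip

def extension(path):
    """Lower-cased final extension; trailing dots/spaces are ignored."""
    base = path.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    return "." + base.rsplit(".", 1)[1] if "." in base else ""

def list_members(data, depth=0):
    """Yield every file path in a zip, descending into nested zips."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            yield info.filename
            nested = extension(info.filename) == ".zip" and depth < MAX_DEPTH
            if nested and info.file_size <= MAX_INNER_BYTES:
                try:
                    for name in list_members(zf.read(info), depth + 1):
                        yield f"{info.filename}/{name}"
                except (zipfile.BadZipFile, RuntimeError):
                    continue  # inner archive unreadable or encrypted

def verdict(attachment, sender, whitelist=frozenset()):
    """Return (action, offending_members) for one zip attachment."""
    try:
        hits = [n for n in list_members(attachment)
                if extension(n) in BLOCKED_EXTENSIONS]
    except zipfile.BadZipFile:
        return ("reject", ["<unparseable archive>"])  # assumed: fail closed
    if not hits:
        return ("accept", [])
    if sender.lower() in whitelist:
        return ("accept-whitelisted", hits)  # assumed per-sender whitelist
    return ("reject", hits)

def make_zip(members):
    """Build a constructed sample zip in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    inner = make_zip({"Invoice_2016.JS": b"// constructed placeholder"})
    sample = make_zip({"readme.txt": b"constructed", "docs.zip": inner})
    print(verdict(sample, "unknown@example.com"))
```

The rule matches on the listed member name only, so it never executes or unpacks the script itself; password-protected zips still expose their member names in the central directory and are caught the same way.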