To address WannaCry, look up signatures with the name: Win.Ransomware.WannaCry-*
Re: email & WannaCry: http://blog.talosintelligence.com/2017/05/wannacry.html?showComment=1494655249347#c771405865891887102 Re: anything further we need to do to protect ourselves: "Organizations should ensure that devices running Windows are fully patched and deployed in accordance with best practices. Additionally, organizations should have SMB ports (139, 445) blocked from all externally accessible hosts." Please refer to this blog post for additional information about this ransomware: http://blog.talosintelligence.com/2017/05/wannacry.html Alain On Sun, May 14, 2017 at 11:09 AM, Alex <mysqlstud...@gmail.com> wrote: > Hi, > > On Sat, May 13, 2017 at 1:32 PM, Alain Zidouemba > <azidoue...@sourcefire.com> wrote: > > For "WannaCry", look for ClamAV signatures: > > Win.Ransomware.WannaCry-* > > Are clamav users protected from this ransomware? Are there possible > variants not yet detected? Is there anything further we need to do to > protect ourselves, as it relates to scanning mail at the gateway? > > They're talking about more attacks coming on Monday? > > Thanks, > Alex > _______________________________________________ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
