Hi there,

On Sun, 14 May 2017, Alex wrote:

> Are clamav users protected from this ransomware?

To be clear about this, the current excitement is caused by a 'worm'. That means if vulnerable, network-connected systems are not protected from each other, for example by a firewall, the worm can propagate itself between the systems with no user action whatever. All that is required is that the systems be running and connected to the network. This is why it has managed to affect over 200,000 systems in over 100 countries in just a few hours. It has nothing to do with mail. ClamAV is irrelevant because there is nothing for ClamAV to scan, at least until it is too late. So ClamAV scanning mail cannot protect against this threat, and was not designed to do so.

> Are there possible variants not yet detected?

Yes. And they'll keep coming.

> Is there anything further we need to do to protect ourselves, as it relates to scanning mail at the gateway?

To repeat, this has nothing to do with mail. The issue is a buffer overflow caused by faulty coding present in Microsoft Windows products for almost as long as anyone can remember. All you can do is fix the vulnerable machines, or firewall them, or perhaps stop using them on a network. Windows 7, 10 and later boxes with automatic updates enabled should have picked up a fix in mid-March. As of yesterday a patch is available for other OS versions which are otherwise unsupported by Microsoft. I've just spent most of the weekend patching customers' 2003 Server and XP machines. Search the Microsoft Update Catalog for KB4012598. The download page has 13 assorted files for various flavours of XP, Vista, 8, Server 2003 and Server 2008 - or at least it did yesterday. When I grabbed the files the download servers were showing signs of stress, as you might expect, but they were at least holding up.

> They're talking about more attacks coming on Monday?

Forget Monday, they're here already. Comments on a postcard, please, to the NSA. For example you might like to remind them what the 'S' in those initials stands for, as they surely seem to have forgotten. And I think Donald fired the head of the wrong agency. Oh, hang on, that's a bit political for this list. :)

--
73,
Ged.