similar to: ransomware etc

IMO, First secure your entry points.. Mail webserver and proxy and the exit points. ( your users environment in my case windows 7/10 desktops.) Im waiting until trevor has the antivirus vfs is ready for samba 4. @David Disseldrop, you know the status about that, since it was you call to get it in samba. ;-) (https://github.com/fumiyas/samba-virusfilter/issues/23) I've seen good work but

On 06/28/2017 07:13 AM, L.P.H. van Belle via samba wrote: > IMO, > > First secure your entry points.. Mail webserver and proxy and the exit points. ( your users environment in my case windows 7/10 desktops.) > > Im waiting until trevor has the antivirus vfs is ready for samba 4. > @David Disseldrop, you know the status about that, since it was you call to get it in samba. ;-)

Hai, Not really a question for samba technical, but i can share this. No need for setting things on samba, that wont help a lot. Below is my setup and its just how you configure your pc's. This and almost all other "malware" is EASY to block, but it wil have impact on how your work. First, start with NEVER work/run as user with administrator rights. If one needs it, then not

I have had the same email address since 1997 (when microsoft stole bob.com from me thanks to network solutions...) In the early days I of course was free with my email and used it everwhere. Fast forward to 2012, some 15 years later. woof..the amount of spam sent to me has always just kept getting worse and worse. On my centos 5 server I just used sendmail with spamassassin and it killed a

Hello people, I am using now qmail in cluster with LDAP + Interscan Messaging Security Suite from Trendmicro. I need to develop a new solution with: - postfix - dovecot - anti-spam - anti-malware. I am thankful any help or suggestion for anti-spam and anti-malware. Thanks in advance! -- :) cumprimentos ---------------------- Jos? Lu?s Faria Network Eng./Administrador de

hello list hello dovecot network hello all the reader here is a sieve script this ######################################## require ["fileinto","regex","comparator-i;ascii-numeric","reject","relational"]; # rule:[spammanage] if header :value "ge" :comparator "i;ascii-numeric" ["X-Spam-score"] ["500"] {

On Wed, Jun 28, 2017 at 8:42 AM, David Disseldorp via samba <samba at lists.samba.org> wrote: > Hi, > > On Wed, 28 Jun 2017 11:08:11 +0200, mj via samba wrote: > >> Hi all, >> >> Just out of curiosity: is there anything we can do, on the samba side, >> to counter the recent ransomware attacks? (or limit the damage done) >> >> I'm thinking

v3: - allow to load multiple rule files - added optional namespace parameter to yara_load - move destructor logic in yara module - use generic file upload logic - use generic temporary path function Matteo Cafasso (6): appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests

v2: - Fix yara dependency in packagelist - Use pkg-config where available - Improve longdesc of yara_load API - Fix libyara initialization and finalization - Import CLEANUP_FCLOSE - Add custom CLEANUP_DESTROY_YARA_COMPILER - Add rules compilation error callback - Other small fixes according to comments Matteo Cafasso (6): appliance: add yara dependency New API: yara_load New API:

Yara is a rule based scanning engine aimed to help malware analysts in finding and classifying interesting samples. https://github.com/VirusTotal/yara This series adds Yara support to Libguestfs allowing to upload sets of rules and scanning files against them. Currently provided APIs: - yara_load: loads a set of rules - yara_destroy: free resources allocated by loaded rules - yara_scan:

Rebase patches on top of 1.35.25. No changes since last series. Matteo Cafasso (7): daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am

v9: - fixes according to comments Matteo Cafasso (7): daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am | 4 +-

v6: - use new test functions - fix yara_detection struct field names - revert yara_load function to initial version With Pino we were exploring the idea of allowing Users to load multiple rule files with subsequent calls to yara_load API. https://www.redhat.com/archives/libguestfs/2016-November/msg00119.html It turns out impractical due to YARA API limitations. It is possible to load multiple

v8: - Ignore returned value in daemon/upload.c - Report serialization errors in lib/yara.c Matteo Cafasso (8): daemon: ignore unused return value in upload function daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in

Rebase patches on top of 1.37.1. No changes since last series. Matteo Cafasso (7): daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am

On 05/15/2016 01:00 PM, Andrew Bartlett wrote: > On Sat, 2016-05-14 at 22:42 -0700, ToddAndMargo wrote: >> Hi All, >> >> Is there anything in Samba that will help protect >> against ransomware? > > I've not had to look into this properly, but I would suggest that > regular and genuinely offline backups and regular Read Only snapshots. > > Andrew

v5: - rebase on top of 1.37.9 - add missing actions_yara.* files Matteo Cafasso (7): daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am

v7: - Fixes according to comments - Rebase on top of 1.37.12 Matteo Cafasso (7): daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am

Am 17.05.2016 um 09:47 schrieb Fabian Cenedese: > >> Am 16.05.2016 um 07:32 schrieb ToddAndMargo: >>> May I surmise that all the encrypted file now have >>> an extra extension of ".crypt"? So it is easy to >>> see who got clobbered. >> >> how do you come to that conclusion and even if some malware acts that way what makes you sure you can

Hi, Since upgrading our mail servers to Postfix/Dovecot, we've seen a rather large increase in botnet brute force password attacks. I guess our old servers were too slow to suit their needs. Now, when they hit upon a valid user, it's easy to see what passwords they are trying (we've enabled auth_debug_passwords and set auth_verbose_passwords = plain). We can easily have log