Koozali.org: home of the SME Server
Obsolete Releases => SME Server 8.x => Topic started by: bosco555 on March 11, 2014, 12:59:28 AM
-
Hi all,
Although this type of virus was discovered last year, it is still alive and well. People still click on emails they should not click on and they get infected. I have a client who's basically lost everything in their data directory as the virus encrypts documents/spreadsheets, etc. SME had let this type of virus through. Just to make you guys aware of this
-
bosco555
Please report a bug at bugzilla, link at top of forums, preferably giving full details rather than generalizations.
Thanks
-
It's not a bug, the virus comes through emails from Fedex, UPS, DHL, Australia Post, and the like. It affects files on network shares and it demands a payment so that files may be decrypted. I was just going to make you guys aware of this threat.
Not sure that opening a bug would do much good, seen that there is no known way to decrypt the files. The infection can be dealt with by using a bootable CD/USB with antivirus/trojan software. However the files are still going to be encrypted and virtually useless.
-
Thanks for that bosco555
However, this is really an issue for the anti-virus applications users run on their workstations, not SME.
SME has clamav, which scans files stored on the server (or so I believe).
The ransomware style of virus does its dirty work when you open your email - on your PC, or Mac or whatever, not on the SME.
So, the solution is to have good, up-to-date AV software running on your workstation, one that monitors in real-time. And preferably one that an monitor in webmail and attachments.
It was a timely reminder that we all need to be careful.
Cheers
Ian :smile:
-
@bosco555
hi,
Although this type of virus was discovered last year, it is still alive and well. People still click on emails they should not click on and they get infected. I have a client who's basically lost everything in their data directory as the virus encrypts documents/spreadsheets, etc. SME had let this type of virus through. Just to make you guys aware of this
Are you serious or it 's a joke :lol:
I don't think you can say that this adventure is because of SME Server, no it's all your fault. You have to prevent this risk !
A little website list for your information in EN and FR(use chrome ;-) ):
- https://en.wikipedia.org/wiki/Portal:Computer_security
- https://www.sans.org/
- http://www.securityfocus.com/
- https://nvd.nist.gov/home.cfm
- http://www.ssi.gouv.fr/
- http://www.securite-informatique.gouv.fr/
- http://www.secuser.com/
- http://vigilance.fr/
- ...
and now, do your job and try teaching to your customer the good behaviour with Microsoft OS:
- http://www.securite-informatique.gouv.fr/autoformations/spt/co/SPT_web.html
It's not easy, but if you can't teach your customer how to fix this kind of risk, you shouldn't let them use M$ Windows?
Regards
-
Hi all,
Although this type of virus was discovered last year, it is still alive and well. People still click on emails they should not click on and they get infected. I have a client who's basically lost everything in their data directory as the virus encrypts documents/spreadsheets, etc. SME had let this type of virus through. Just to make you guys aware of this
as long as mail content is clean (SME scans every incoming email via CLamav/clamd), the problem is between keyboard and chair
I told my users many years ago: "before clicking on everything is appearing on the screen, switch on your brain and ask yourself 'is it a good/smart idea? is that mail real?'"
strange enough, in the last 3 years I had only an issue.. phishing..
it's not a technical issue, is an human one