cryptolocker

Thu, 10/22/2015 - 23:42
AllanIT


Hi Guys

I am after some advice. Several of my users are receiving emails with cryptolocker in them, and one even clicked on the link, encrypting her entire computer. I have: operating system Ubuntu Linux 14.04.2, Webmin version 1.770, Virtualmin version 4.18.gpl, Postfix Mail Server, SpamAssassin Mail Filter and Procmail Mail Filter.

Should the email system detect cryptolocker?

Are there some changes I can make to improve the detection?

Fri, 10/23/2015 - 10:31
andreychek

Howdy,

I'm not too familiar with how cryptolocker is sent.

What is it that was sent in the email -- was it an attachment of some kind, or is it purely a link that users have to click on?

-Eric

Fri, 10/23/2015 - 12:43
Diabolico

AllanIT, do not rely on ClamAV because it is useless. Please check my post here: http://www.virtualmin.com/node/38348#comment-155406 and make up your mind what to do.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Fri, 10/23/2015 - 20:25
AllanIT

Hi Eric

Well, sometimes there is just an attachment in the form of a .doc or a .zip, other times it is a link to a web address somewhere, and still other times it is a combination of both. See the Wikipedia description for it here: https://en.wikipedia.org/wiki/CryptoLocker . It has been around for a while in its many forms and should be able to be detected.

Thanks Diabolico. Could you provide a bit more info about your suggestions please.
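
A defensive check that follows from the attachment shapes Allan describes (.zip archives and .doc files), added here as an example and not code from the thread or from Virtualmin: a Python script that parses a raw MIME message and flags an executable hidden inside a .zip (including the disguising double extension) and an Office document that carries a VBA macro project. The sample message is constructed inline, and the extension lists are assumptions about what is worth flagging. Legacy binary .doc/.xls files are only reported for review, since telling macro-bearing OLE2 files apart needs an OLE parser such as olefile.

```python
"""Flag mail attachments matching the delivery patterns described in the thread:
.zip archives hiding executables and Office documents carrying macros.
Added example; the sample message is constructed, not a real capture."""
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists: extensions Windows executes on double-click, archive and Office types.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".jar", ".hta"}
ARCHIVE_EXTS = {".zip"}
OFFICE_EXTS = {".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm"}
DOC_LIKE = {"pdf", "doc", "docx", "xls", "txt", "jpg"}  # used to spot "invoice.pdf.exe"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def _ext(name):
    """Lower-cased final extension including the dot, or '' if there is none."""
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def describe_executable(name):
    """Distinguish a plain executable from one disguised as a document."""
    parts = name.lower().split(".")
    if len(parts) >= 3 and parts[-2] in DOC_LIKE:
        return f"executable disguised with double extension: {name}"
    return f"executable file: {name}"


def inspect_zip(data):
    """Look inside a .zip attachment for executable members."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if _ext(member) in EXECUTABLE_EXTS:
                    findings.append("archive member: " + describe_executable(member))
    except zipfile.BadZipFile:
        findings.append("attachment named .zip is not a valid archive")
    return findings


def inspect_office(name, data):
    """Flag macro-enabled formats and OOXML files that embed a VBA project."""
    findings = []
    if _ext(name) in {".docm", ".xlsm"}:
        findings.append(f"macro-enabled Office format: {name}")
    if data[:2] == b"PK":  # OOXML documents are zip containers
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(m.lower().endswith("vbaproject.bin") for m in zf.namelist()):
                    findings.append(f"Office document contains VBA project: {name}")
        except zipfile.BadZipFile:
            findings.append(f"Office document is not a valid OOXML container: {name}")
    elif data[:8] == OLE2_MAGIC:  # legacy binary .doc/.xls; macro status needs an OLE parser
        findings.append(f"legacy OLE2 Office document, macro status unknown: {name}")
    return findings


def scan_message(raw):
    """Return a list of human-readable findings for every attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        ext = _ext(name)
        if ext in EXECUTABLE_EXTS:
            findings.append(describe_executable(name))
        if ext in ARCHIVE_EXTS:
            findings.extend(inspect_zip(data))
        if ext in OFFICE_EXTS:
            findings.extend(inspect_office(name, data))
    return findings


def build_sample_message():
    """Constructed sample: a .zip hiding a double-extension .exe, a .docx with a
    VBA project, and a harmless PDF. Payload bytes are dummy text, not real files."""
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w") as zf:
        zf.writestr("invoice_2015-10.pdf.exe", b"MZ dummy bytes, not a real program")
    docx_buf = io.BytesIO()
    with zipfile.ZipFile(docx_buf, "w") as zf:
        zf.writestr("[Content_Types].xml", b"<Types/>")
        zf.writestr("word/document.xml", b"<w:document/>")
        zf.writestr("word/vbaProject.bin", b"dummy macro project")
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached invoice.")
    msg.add_attachment(zip_buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice.zip")
    msg.add_attachment(docx_buf.getvalue(), maintype="application",
                       subtype="vnd.openxmlformats-officedocument.wordprocessingml.document",
                       filename="invoice.docx")
    msg.add_attachment(b"%PDF-1.4 dummy", maintype="application", subtype="pdf",
                       filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample_message()):
        print(finding)
```

Run stand-alone it reports two findings for the constructed message and nothing for the PDF; fed a message from stdin it could serve as a Procmail filter step ahead of delivery, though that wiring is not shown here.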

Sat, 10/24/2015 - 02:55
Diabolico

There were a few alternatives (like Comodo for Linux) but I'm not sure what solution can be used now: updates, active development, etc... The only one I know works great is SpamExperts, but it's not free; the price is based per domain and you need to contact them. You have two options: host the software on your server or in their cloud. This is the solution I would take if I were selling shared hosting, but since my clients are usually Magento web-stores, for security the mail server is never hosted on the same server as Magento, and I usually go for an external service.

Speaking of external services, I can tell you about 3 of them I know from experience: GoogleApps, Rackspace and Zoho. The last one is for now my 1st choice because I get everything like with GoogleApps but much cheaper.

I'm not sure why ClamAV comes out so bad, even when I was testing on my server with CentOS 7. Maybe it has something to do with how the Vmin installation does it, or something else; frankly I don't know. But if you want to play around you could always reinstall Ubuntu and Wmin/Vmin without SpamAssassin and ClamAV and then manually install these two applications. At least you could see if the problem is with Vmin or if ClamAV really is so bad.

If you want something really cheap and effective, maybe the best solution would be SpamExperts, but you should check with them and see what price you can get. This is it; right now I can't think of any other solution.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Thu, 11/05/2015 - 01:36
AllanIT

Hi Eric, have you had a chance to see if there is a problem with ClamAV? Are there any suggestions for finding out why these emails are getting through? I thought they used to be blocked by ClamAV.

I have several of the emails that I can forward to you for you to look at if you want. The latest batch are quite safe if you open the .doc attachment with OpenOffice and click 'do not run macros'.

Any info would be helpful.