How to Block :: Goldeneye

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

How to Block :: Goldeneye

Martin Voßloh-2

Hi,

is it possible to block mails from: [hidden email]

Info: https://www.heise.de/security/meldung/Goldeneye-Ransomware-greift-gezielt-Personalabteilungen-an-3562281.html

Red-listing is not possible and with „Regular Expression for Header and Data Part** <a href="javascript:void(0);">(bombRe)“ I have no luck.

Thanks and Regards,

Martin

 

 


------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: How to Block :: Goldeneye

Thomas Eckardt/eck
blackListedDomains

rolf.drescher@*
rolf_drescher@*

in addition use the latest ASSP_AFC and block executables (also in compressed files)
use ClamAV and the SaneSecurity signatures - eg. Foxhole

Thomas





Von:        Martin Voßloh <[hidden email]>
An:        ASSP development mailing list <[hidden email]>
Datum:        07.12.2016 16:09
Betreff:        [Assp-test] How to Block :: Goldeneye




Hi,
is it possible to block mails from: rolf.drescher@
Info: https://www.heise.de/security/meldung/Goldeneye-Ransomware-greift-gezielt-Personalabteilungen-an-3562281.html
Red-listing is not possible and with „Regular Expression for Header and Data Part** <a href="javascript:void(0);">(bombRe)“ I have no luck.
Thanks and Regards,
Martin
 
 ------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known virus in this email!
*******************************************************


------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: How to Block :: Goldeneye

Martin Voßloh-2

Hi Thomas,

 

Thank you.

(The latest ASSP_AFC_4.43.zip is not available on sourceforge)

 

Regards,

Martin

 

Von: Thomas Eckardt [mailto:[hidden email]]
Gesendet: Mittwoch, 7. Dezember 2016 16:20
An: ASSP development mailing list <[hidden email]>
Betreff: Re: [Assp-test] How to Block :: Goldeneye

 

blackListedDomains

[hidden email]*
[hidden email]*

in addition use the latest ASSP_AFC and block executables (also in compressed files)
use ClamAV and the SaneSecurity signatures - eg. Foxhole

Thomas





Von:        Martin Voßloh <[hidden email]>
An:        ASSP development mailing list <[hidden email]>
Datum:        07.12.2016 16:09
Betreff:        [Assp-test] How to Block :: Goldeneye





Hi,
is it possible to block mails from: [hidden email]
Info: https://www.heise.de/security/meldung/Goldeneye-Ransomware-greift-gezielt-Personalabteilungen-an-3562281.html
Red-listing is not possible and with „Regular Expression for Header and Data Part** <a href="javascript:void(0);">(bombRe)“ I have no luck.
Thanks and Regards,
Martin
 
 ------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known virus in this email!
*******************************************************


------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: How to Block :: Goldeneye

Thomas Eckardt/eck
Just published ASSP_AFC 4.44 at sourceforge and CVS.

- better performance for large attachments
- lower memory footprint for large attachments
- all attachment detection mistakes are solved, even for malformed MIME parts

Thomas





Von:        Martin Voßloh <[hidden email]>
An:        ASSP development mailing list <[hidden email]>
Datum:        07.12.2016 16:32
Betreff:        Re: [Assp-test] How to Block :: Goldeneye




Hi Thomas,
 
Thank you.
(The latest ASSP_AFC_4.43.zip is not available on sourceforge)
 
Regards,
Martin
 
Von: Thomas Eckardt [mailto:Thomas.Eckardt@...]
Gesendet:
Mittwoch, 7. Dezember 2016 16:20
An:
ASSP development mailing list <[hidden email]>
Betreff:
Re: [Assp-test] How to Block :: Goldeneye

 
blackListedDomains

rolf.drescher@*
rolf_drescher@*

in addition use the latest ASSP_AFC and block executables (also in compressed files)

use ClamAV and the SaneSecurity signatures - eg. Foxhole


Thomas





Von:        
Martin Voßloh <Martin.Vossloh@...>
An:        
ASSP development mailing list <[hidden email]>
Datum:        
07.12.2016 16:09
Betreff:        
[Assp-test] How to Block :: Goldeneye





Hi,

is it possible to block mails from:
rolf.drescher@
Info:
https://www.heise.de/security/meldung/Goldeneye-Ransomware-greift-gezielt-Personalabteilungen-an-3562281.html
Red-listing is not possible and with „Regular Expression for Header and Data Part**
<a href="javascript:void(0);">(bombRe)“ I have no luck.
Thanks and Regards,

Martin

 
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi_______________________________________________
Assp-test mailing list

[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known virus in this email!
*******************************************************


------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test