
Thank you for sharing this. I can relate to how annoying these emails have been in the last couple of months. Been doing some research on mitigating this at our organisation. We currently have an exim+spamassassin+clamav setup on our MX. A bit of googling led me to the links below, and implementing them has significantly assisted in blocking the majority of these email attachments. I am sure there are hacks for other *nix MTAs. Hoping this info will be useful to other email admins.

[1] https://github.com/Exim/exim/wiki/ExiscanFilenameBlocking
[2] https://github.com/extremeshok/clamav-unofficial-sigs

Cheers.

On 10 November 2016 at 12:37, Tony White via skunkworks <skunkworks@lists.my.co.ke> wrote:
If anyone still has client-based email software collecting emails, be very suspicious of ALL emails with attachments.
Why not set up a filter to forward any email with an attachment to a gmail account, and then pick the attachment from there. Google will sanitise your attachments - and you don't have to use this gmail account for sending, so you can still use your corporate email for sending/replying to genuine mails.
Just an idea ;)
Cheers, Tony
On 10/11/2016, Alex Ngatia via skunkworks <skunkworks@lists.my.co.ke> wrote:
Hi guys,
In light of recent ransomware attacks, an interesting read on the issue:
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ISTR2016_Ransomware_and_Businesses.pdf
The spammers/hackers have gone a step further and I now get suspicious emails containing zip and doc files from African names.
Regards,
Alex
-- Tony White
-- Regards, David
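
The filename-blocking approach mentioned in the message above, sketched as an added example (not code from this thread or from the linked projects): a Python check that flags attachments by extension, including file names inside zip archives. The extension blocklist and the sample message are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for illustration only; tune it to local policy.
BLOCKED_EXT = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".docm", ".hta"}

def _ext(name):
    # Last extension, lower-cased; trailing dots and spaces are ignored.
    name = name.strip().lower().rstrip(".")
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def blocked_attachments(raw):
    """Return (attachment, offending name) pairs for a raw RFC 5322 message."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        name = part.get_filename() or ""
        if _ext(name) in BLOCKED_EXT:
            hits.append((name, name))
        elif _ext(name) == ".zip":
            try:  # member names are readable even when the zip is encrypted
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")) as zf:
                    members = zf.namelist()
            except zipfile.BadZipFile:
                hits.append((name, "<unreadable zip>"))
                continue
            hits.extend((name, m) for m in members if _ext(m) in BLOCKED_EXT)
    return hits

def sample_message():
    """Constructed test message: one zip, one text file, one macro document name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.js", "// constructed placeholder content")
    msg = EmailMessage()
    msg["Subject"] = "Invoice (constructed sample)"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice.zip")
    msg.add_attachment("plain notes", filename="notes.txt")
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="octet-stream", filename="Report.DOCM")
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(sample_message()))
```
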