Web lists-archives.com

Re: [Samba] ransomware etc




On 28.06.2017 11:51, mj via samba wrote:

And I posted one idea I found (the ransomware-samba-tools link earlier)
already, but I'm just trying to get some dialogue / brainstorming going
on here... :-)

IMHO, the only real defense is a versioned filesystem and very fine,
carefully planned access controls. Any antivirus will be lacking
behind.

An additional option could be testing file integrity checks after write
(still keeping the old version) as an early warning. When a file is
silently encrypted by ransomeware, the test will fail and we'll see a
file type change and can notify the operator or the file owner.

Of course, that will only work w/ known file types, and we'd need to
write lots of checker routines.


--mtx


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba