wanna cry ransomware patch for samba-4.5.5
L.P.H. van Belle
belle at bazuin.nl
Thu May 18 06:41:15 UTC 2017
I do like the idee..
A vfs plugin that allows only certain mimetypes.
The suggestion to block files by type is a good idee imo but only if you use mimetype not extentions.
I dont know that happens if an a crypto virus try to write a modified .docx of .pdf.
And you allow only .docx .pdf mimetypes.
And useing mimetypes, should prevent users for example write .exe files as .pdf files.
> -----Oorspronkelijk bericht-----
> Van: samba-technical
> [mailto:samba-technical-bounces at lists.samba.org] Namens
> Jeremy Allison via samba-technical
> Verzonden: woensdag 17 mei 2017 22:28
> Aan: Yogesh Kulkarni
> CC: Jawath Muckdhar; samba-technical
> Onderwerp: Re: wanna cry ransomware patch for samba-4.5.5
> On Wed, May 17, 2017 at 12:01:27PM -0700, Yogesh Kulkarni wrote:
> > Thanks Jeremy.
> > I think that it is possible that an infected SAMBA client (
> a windows
> > machine ) might be able to encrypt the files on the server
> and affect
> > the files.
> > Is there any way to prevent this from happening ?
> I can't see any way to prevent this. An infected Windows
> client is just doing normal file operations
> (open/read/write/close) to the Samba server. There's no way
> for the server to know these operations are malicious and
> indended to encrypt the file data without the user's consent.
More information about the samba-technical