wanna cry ransomware patch for samba-4.5.5

L.P.H. van Belle belle at bazuin.nl
Thu May 18 06:41:15 UTC 2017

I do like the idee.. 

A vfs plugin that allows only certain mimetypes.

The suggestion to block files by type is a good idee imo but only if you use mimetype not extentions. 

I dont know that happens if an a crypto virus try to write a modified .docx of .pdf.
And you allow only .docx .pdf mimetypes.

And useing mimetypes, should prevent users for example write .exe files as .pdf files. 



> -----Oorspronkelijk bericht-----
> Van: samba-technical 
> [mailto:samba-technical-bounces at lists.samba.org] Namens 
> Jeremy Allison via samba-technical
> Verzonden: woensdag 17 mei 2017 22:28
> Aan: Yogesh Kulkarni
> CC: Jawath Muckdhar; samba-technical
> Onderwerp: Re: wanna cry ransomware patch for samba-4.5.5
> On Wed, May 17, 2017 at 12:01:27PM -0700, Yogesh Kulkarni wrote:
> > Thanks Jeremy.
> > 
> > I think that it is possible that an infected SAMBA client ( 
> a windows 
> > machine ) might be able to encrypt the files on the server 
> and affect 
> > the files.
> > Is there any way to prevent this from happening ?
> I can't see any way to prevent this. An infected Windows 
> client is just doing normal file operations
> (open/read/write/close) to the Samba server. There's no way 
> for the server to know these operations are malicious and 
> indended to encrypt the file data without the user's consent.

More information about the samba-technical mailing list