Sandstorm does not recognize Locky?

I'm wondering, why Sandstorm does not recognize and block Locky.

Yesterday a E-Mail passed the UTM, with attached payment_document_659857.zip, containing *.js scripts.

The ZIP was not encrypted and for my unterstanding Sandstorm should have analyzed this file and blocked it, as the *.js are very suspicious, as the arey downloading the Locky payload.

On our Exchange Server, the E-Mail was detected by Trendmicro Scanmail for Exchange as JS_LOCKY.KF

0 lprikockis over 7 years ago in reply to Ben

hmmm... kind of wish I'd read this before making the decision to purchase a Sandstorm license for our UTM :-/

Blocking crud like Locky was precisely what we thought we were paying for.... I'll reserve judgement until we install/configure the new license but this thread has me on guard.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel