[clamav-users] Understanding OLE2BlockMacros
Reindl Harald
h.reindl at thelounge.net
Wed Aug 24 08:16:40 UTC 2016
Am 24.08.2016 um 01:14 schrieb Alex:
> I'm using clamav on fedora23 with amavisd-new and would like to tag
> each email that contains macros with Heuristics.OLE2.ContainsMacros.
> I've enabled OLE2BlockMacros, but it appears it actually lets them
> through instead of blocking them outright when this setting is made.
>
> What is the proper configuration of clamav to tag all emails with
> macro attachments with Heuristics.OLE2.ContainsMacros as well as block
> those emails with attachments that contain macro viruses?
clamav don't block or tag anything - that's better suited as a question
at the amavisd-new list, however normally you raise the score to a level
where amavisd-new or spamassassin starts to tag
_______________________
example of NON-AMAVIS setup with a non.default SA-plugin
cat /etc/mail/spamassassin/clamav.cf
ifplugin Mail::SpamAssassin::Plugin::ClamAV
full CLAMAV_JNK eval:check_clamav('/run/clamd/clamd-sa.sock')
describe CLAMAV_JNK ClamAV detected malware/phishing/junk
priority CLAMAV_JNK 800
score CLAMAV_JNK 6.0
full CLAMAV_MLW eval:check_clamav('/run/clamd/clamd.sock')
describe CLAMAV_MLW ClamAV detected malware/phishing
priority CLAMAV_MLW 800
score CLAMAV_MLW 9.9
endif
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20160824/e2c9baa9/attachment.sig>
More information about the clamav-users
mailing list