[clamav-users] Understanding OLE2BlockMacros
h.reindl at thelounge.net
Wed Aug 24 04:16:40 EDT 2016
Am 24.08.2016 um 01:14 schrieb Alex:
> I'm using clamav on fedora23 with amavisd-new and would like to tag
> each email that contains macros with Heuristics.OLE2.ContainsMacros.
> I've enabled OLE2BlockMacros, but it appears it actually lets them
> through instead of blocking them outright when this setting is made.
> What is the proper configuration of clamav to tag all emails with
> macro attachments with Heuristics.OLE2.ContainsMacros as well as block
> those emails with attachments that contain macro viruses?
clamav don't block or tag anything - that's better suited as a question
at the amavisd-new list, however normally you raise the score to a level
where amavisd-new or spamassassin starts to tag
example of NON-AMAVIS setup with a non.default SA-plugin
full CLAMAV_JNK eval:check_clamav('/run/clamd/clamd-sa.sock')
describe CLAMAV_JNK ClamAV detected malware/phishing/junk
priority CLAMAV_JNK 800
score CLAMAV_JNK 6.0
full CLAMAV_MLW eval:check_clamav('/run/clamd/clamd.sock')
describe CLAMAV_MLW ClamAV detected malware/phishing
priority CLAMAV_MLW 800
score CLAMAV_MLW 9.9
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 181 bytes
Desc: OpenPGP digital signature
More information about the clamav-users