[clamav-users] Understanding OLE2BlockMacros

Reindl Harald h.reindl at thelounge.net
Wed Aug 24 04:16:40 EDT 2016



On 24.08.2016 at 01:14, Alex wrote:
> I'm using clamav on fedora23 with amavisd-new and would like to tag
> each email that contains macros with Heuristics.OLE2.ContainsMacros.
> I've enabled OLE2BlockMacros, but it appears it actually lets them
> through instead of blocking them outright when this setting is made.
>
> What is the proper configuration of clamav to tag all emails with
> macro attachments with Heuristics.OLE2.ContainsMacros as well as block
> those emails with attachments that contain macro viruses?

clamav doesn't block or tag anything - that's better suited as a question 
at the amavisd-new list, however normally you raise the score to a level 
where amavisd-new or spamassassin starts to tag
_______________________

example of NON-AMAVIS setup with a non-default SA-plugin

cat /etc/mail/spamassassin/clamav.cf
ifplugin Mail::SpamAssassin::Plugin::ClamAV
  full      CLAMAV_JNK  eval:check_clamav('/run/clamd/clamd-sa.sock')
  describe  CLAMAV_JNK  ClamAV detected malware/phishing/junk
  priority  CLAMAV_JNK  800
  score     CLAMAV_JNK  6.0

  full      CLAMAV_MLW  eval:check_clamav('/run/clamd/clamd.sock')
  describe  CLAMAV_MLW  ClamAV detected malware/phishing
  priority  CLAMAV_MLW  800
  score     CLAMAV_MLW  9.9
endif

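Added example, not part of the original post and not amavisd-new or SpamAssassin code: clamd only returns a verdict line, so the tag-versus-block decision asked about in this thread has to be made by the calling filter. The Python below assumes clamd's `<source>: <name> FOUND` / `OK` / `ERROR` reply format; the action names, the malware signature name and the sample replies are constructed.

```python
# Name reported for macro-bearing OLE2 files with OLE2BlockMacros enabled
# (taken from the thread above).
MACRO_HEURISTIC = "Heuristics.OLE2.ContainsMacros"

# Hypothetical action names, ordered by severity; the worst one wins per message.
SEVERITY = {"accept": 0, "tag": 1, "tempfail": 2, "reject": 3}

# Constructed sample replies, one per scanned MIME part.
SAMPLE_REPLIES = [
    "stream: OK\0",
    "stream: Heuristics.OLE2.ContainsMacros FOUND\0",
    "stream: Constructed.Malware.Sample-1 FOUND\0",
]


def parse_reply(line):
    """Split one clamd reply line into (status, detail)."""
    line = line.strip(" \t\r\n\0")
    # rpartition: error texts may themselves contain ': ', signature names do not
    _source, sep, rest = line.rpartition(": ")
    if not sep:
        raise ValueError(f"unrecognised clamd reply: {line!r}")
    if rest == "OK":
        return "OK", None
    for status in ("FOUND", "ERROR"):
        if rest.endswith(" " + status):
            return status, rest[: -len(status) - 1]
    raise ValueError(f"unrecognised clamd reply: {line!r}")


def decide(reply):
    """Map one clamd reply to (action, detail)."""
    try:
        status, detail = parse_reply(reply)
    except ValueError:
        return "tempfail", None      # fail closed: unparseable means unscanned
    if status == "OK":
        return "accept", None
    if status == "ERROR":
        return "tempfail", detail    # scanner error must not become a pass
    if detail == MACRO_HEURISTIC:
        return "tag", detail         # macro present, no signature hit: tag only
    return "reject", detail          # any other FOUND is a signature match


def decide_message(replies):
    """Worst per-part action decides the message; no verdict at all defers it."""
    verdicts = [decide(r) for r in replies]
    return max(verdicts, key=lambda v: SEVERITY[v[0]], default=("tempfail", None))
```
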