[clamav-users] Understanding OLE2BlockMacros

Alex mysqlstudent at gmail.com
Wed Aug 24 12:12:47 EDT 2016


>> I'm using clamav on fedora23 with amavisd-new and would like to tag
>> each email that contains macros with Heuristics.OLE2.ContainsMacros.
>> I've enabled OLE2BlockMacros, but it appears it actually lets them
>> through instead of blocking them outright when this setting is made.
>> What is the proper configuration of clamav to tag all emails with
>> macro attachments with Heuristics.OLE2.ContainsMacros as well as block
>> those emails with attachments that contain macro viruses?
> clamav doesn't block or tag anything - that's better suited as a question at
> the amavisd-new list, however normally you raise the score to a level where
> amavisd-new or spamassassin starts to tag.

I'm using clamav with amavis to block them outright.

It appears that using OLE2BlockMacros causes attachments with macros,
viruses or not, to just be marked by amavis with the
Heuristics.OLE2.ContainsMacros. However, when it's set it no longer
blocks them but forwards them on.

Is this the intended behavior?

Is there no way to configure it to mark emails with macro attachments
and block the ones with macro attachments with viruses?

