[clamav-users] Understanding OLE2BlockMacros
h.reindl at thelounge.net
Wed Aug 24 12:20:49 EDT 2016
On 24.08.2016 at 18:12, Alex wrote:
>>> I'm using clamav on fedora23 with amavisd-new and would like to tag
>>> each email that contains macros with Heuristics.OLE2.ContainsMacros.
>>> I've enabled OLE2BlockMacros, but it appears it actually lets them
>>> through instead of blocking them outright when this setting is made.
>>> What is the proper configuration of clamav to tag all emails with
>>> macro attachments with Heuristics.OLE2.ContainsMacros as well as block
>>> those emails with attachments that contain macro viruses?
>> clamav doesn't block or tag anything - that's better suited as a question at
>> the amavisd-new list, however normally you raise the score to a level where
>> amavisd-new or spamassassin starts to tag
> I'm using clamav with amavis to block them outright.
> It appears that using OLE2BlockMacros causes attachments with macros,
> viruses or not, to just be marked by amavis with the
> Heuristics.OLE2.ContainsMacros. However, when it's set it no longer
> blocks them but forwards them on.
> Is this the intended behavior?
"Heuristics.OLE2.ContainsMacros" does exactly what the option says - it
hits on attachments which contain *any* macro
> Is there no way to configure it to mark emails with macro attachments
> and block the ones with macro attachments with viruses?
known viruses are hit by signatures and so on - the whole purpose of
Heuristics is to hit on *unknown* incarnations
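
Added example, not part of the original message and not code from ClamAV or amavisd-new: a sketch of the split asked about in this thread, where a hit on Heuristics.OLE2.ContainsMacros alone only tags a message while any other detection name blocks it. It assumes clamscan-style "path: NAME FOUND" output lines; the tag/block policy, the sample paths and the placeholder signature name are constructed for illustration.

```python
import re

# Detection name taken from the thread; everything else here is an assumption.
MACRO_HEURISTIC = "Heuristics.OLE2.ContainsMacros"

# clamscan-style report lines: "<path>: <name> FOUND" or "<path>: OK".
LINE_RE = re.compile(r"^(?P<path>.+): (?P<name>\S+) FOUND$")

def detections(scan_output):
    """Return {path: [detection names]} parsed from clamscan-style output."""
    hits = {}
    for line in scan_output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.setdefault(m["path"], []).append(m["name"])
    return hits

def verdict(names):
    """Hypothetical policy: any other name blocks, the macro heuristic only tags."""
    if any(n != MACRO_HEURISTIC for n in names):
        return "block"
    if MACRO_HEURISTIC in names:
        return "tag"
    return "pass"

def message_verdict(scan_output):
    """Worst verdict across all scanned attachments in the output."""
    order = {"pass": 0, "tag": 1, "block": 2}
    per_file = [verdict(n) for n in detections(scan_output).values()]
    return max(per_file, key=order.get, default="pass")

# Constructed sample output (paths and the signature name are made up).
SAMPLE = """\
/tmp/msg1/report.doc: Heuristics.OLE2.ContainsMacros FOUND
/tmp/msg1/notes.txt: OK
/tmp/msg2/invoice.doc: Example.Signature.Placeholder-1 FOUND
/tmp/msg2/invoice.doc: Heuristics.OLE2.ContainsMacros FOUND
"""

if __name__ == "__main__":
    for path, names in detections(SAMPLE).items():
        print(path, names, verdict(names))
```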