[clamav-users] Understanding OLE2BlockMacros
njones at megan.vbhcs.org
Thu Aug 25 14:49:23 EDT 2016
On 8/25/2016 1:39 PM, Alex wrote:
>>> When this option is set to Yes, the
>>> emails are tagged, but even emails with macro virus attachments are
>>> forwarded on, not blocked
>> problem is that you don't understand your mailsystem, clamd itself only
>> hives back with signatures are hit and then the glue (amavis oder
>> clamav-milter or something like that) makes decisions what happens with the
> No, I understand my mail system. You are assuming I don't understand
> the mail system because it's easy for you to answer in that way rather
> than look at the whole context of the post. I never said that I
> expected clamav to actually block the viruses itself. Of course I
> understand amavisd is responsible for that. In case there was some
> confusion before, let it be known I understand clamav is not
> responsible for the destiny of the email.
> I'm talking about the clamav option OLE2BlockMacros option. This is a
> clamav option, not an amavis option.
> Maybe I should have stated my question more simply:
> What is the purpose of the OLE2BlockMacros option? What happens when
> it's set to "Yes"? What happens when it's set to "No"?
> Help us build a comprehensive ClamAV guide:
Perhaps you missed this setting:
# Allow heuristic match to take precedence.
# When enabled, if a heuristic scan (such as phishingScan) detects
# a possible virus/phish it will stop scan immediately. Recommended,
# When disabled, virus/phish detected by heuristic scans will be
reported only at
# the end of a scan. If an archive contains both a heuristically
# virus/phish, and a real malware, the real malware will be reported
# Keep this disabled if you intend to handle "*.Heuristics.*" viruses
# differently from "real" malware.
# If a non-heuristically-detected virus (signature-based) is found
# the scan is interrupted immediately, regardless of this config option.
# Default: no
More information about the clamav-users