[clamav-users] Understanding OLE2BlockMacros
Bowie_Bailey at BUC.com
Thu Aug 25 16:10:19 EDT 2016
On 8/25/2016 3:10 PM, Steve Basford wrote:
>> Try this:
>> 1) Enable OLE2BlockMacros and restart clamd
>> 2) Use clamdscan to test your sample message and note the results
>> 3) Disable OLE2BlockMacros and restart clamd
>> 4) Use clamdscan to test your sample message again and note these results
> Something else...
> In amavisd-new there are virus_name_to_spam_score_maps
> For example:
> If the setting to block macros is enabled in ClamAV and is actually hitting,
> it should hit with Heuristics.OLE2.ContainsMacros
> But.. I don't think amavisd-new has a virus_name_to_spam_score_maps for
> Heuristics.OLE2.ContainsMacros so, it might let the email through but
> just mark it, instead of blocking it?
> # [ qr'^Heuristics\.OLE2\.ContainsMacros' => undef ],# keep as infected
> Does that change things?
I think the issue is that he wants to block recognized viruses, but only
mark heuristic matches.
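
The two-run comparison from steps 1 to 4, as an added example that is not part of the original thread: it parses the `clamdscan` output captured with OLE2BlockMacros enabled and disabled and separates files flagged only by `Heuristics.OLE2.ContainsMacros` from files a signature detects either way. The sample output, paths and the function names are constructed for illustration.

```python
import re

# clamdscan prints one "<path>: <signature> FOUND" line per detection.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
MACRO_SIG = "Heuristics.OLE2.ContainsMacros"

# Constructed sample output: run with OLE2BlockMacros enabled (step 2) ...
RUN_ON = """\
/tmp/sample/invoice.doc: Heuristics.OLE2.ContainsMacros FOUND
/tmp/sample/eicar.com: Eicar-Test-Signature FOUND
/tmp/sample/notes.txt: OK
"""
# ... and with OLE2BlockMacros disabled (step 4).
RUN_OFF = """\
/tmp/sample/invoice.doc: OK
/tmp/sample/eicar.com: Eicar-Test-Signature FOUND
/tmp/sample/notes.txt: OK
"""

def parse_found(output):
    """Map each detected path to the signature name clamdscan reported."""
    hits = {}
    for line in output.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:  # "OK" lines and the scan summary do not match and are skipped
            hits[m.group("path")] = m.group("sig")
    return hits

def compare_runs(with_block, without_block):
    """Classify each detected path by how its verdict differs between runs."""
    on, off = parse_found(with_block), parse_found(without_block)
    result = {}
    for path in sorted(set(on) | set(off)):
        if path in off:
            result[path] = "signature"   # detected regardless of the setting
        elif on[path] == MACRO_SIG:
            result[path] = "macro-only"  # flagged solely by OLE2BlockMacros
        else:
            result[path] = "other"       # differs for some other reason
    return result

if __name__ == "__main__":
    for path, verdict in compare_runs(RUN_ON, RUN_OFF).items():
        print(f"{verdict:10s} {path}")
```

Files reported as `macro-only` are the ones whose handling depends on how the mail filter treats the `Heuristics.OLE2.ContainsMacros` name.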