[clamav-users] Understanding OLE2BlockMacros
dennispe at inetnw.com
Thu Aug 25 16:20:56 EDT 2016
On 8/25/16 1:10 PM, Bowie Bailey wrote:
> On 8/25/2016 3:10 PM, Steve Basford wrote:
>>> Try this:
>>> 1) Enable OLE2BlockMacros and restart clamd
>>> 2) Use clamdscan to test your sample message and note the results
>>> 3) Disable OLE2BlockMacros and restart clamd
>>> 4) Use clamdscan to test your sample message again and note these results
>> Something else...
>> In amavisd-new there are virus_name_to_spam_score_maps
>> For example:
>> If the setting to block macros is enabled in ClamAV and is actually hitting,
>> it should hit with Heuristics.OLE2.ContainsMacros
>> But.. I don't think amavisd-new has a virus_name_to_spam_score_maps for
>> Heuristics.OLE2.ContainsMacros so, it might let the email through but
>> just mark it, instead of blocking it?
>> # [ qr'^Heuristics\.OLE2\.ContainsMacros'
>> => undef ],# keep as infected
>> Does that change things?
> I think the issue is that he wants to block recognized viruses, but only mark
> heuristic matches.
That would be a scoring task in Amavisd.
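An added example, not part of the original thread or of ClamAV/amavisd-new: a small Python helper that compares the clamdscan output from the two runs suggested above (OLE2BlockMacros enabled, then disabled) and separates files flagged only by Heuristics.OLE2.ContainsMacros from files that hit a regular signature. The sample output, file paths, the `Example.Constructed.Trojan-1` name and the block/mark/pass labels are constructed assumptions; the actual scoring decision would still be made in amavisd.

```python
import re

# clamdscan reports "<path>: <signature> FOUND" per detection and "<path>: OK" when clean.
RESULT = re.compile(r"^(?P<path>.+): (?:(?P<sig>\S+) FOUND|OK)$")
MACRO_SIG = "Heuristics.OLE2.ContainsMacros"  # name given in the thread

# Constructed sample output (paths and the Example.* name are made up for this example).
ENABLED_RUN = """\
/tmp/sample/invoice.doc: Heuristics.OLE2.ContainsMacros FOUND
/tmp/sample/dropper.doc: Example.Constructed.Trojan-1 FOUND
/tmp/sample/notes.txt: OK

----------- SCAN SUMMARY -----------
Infected files: 2
"""
DISABLED_RUN = """\
/tmp/sample/invoice.doc: OK
/tmp/sample/dropper.doc: Example.Constructed.Trojan-1 FOUND
/tmp/sample/notes.txt: OK

----------- SCAN SUMMARY -----------
Infected files: 1
"""

def parse(output):
    """Map each scanned path to its signature name, or None for OK."""
    results = {}
    for line in output.splitlines():
        m = RESULT.match(line.strip())
        if m:  # summary and blank lines do not match and are skipped
            results[m.group("path")] = m.group("sig")
    return results

def action(sig):
    """Hypothetical policy labels: block signatures, mark heuristics, pass clean."""
    if sig is None:
        return "pass"
    return "mark" if sig.startswith("Heuristics.") else "block"

def compare(enabled_out, disabled_out):
    """Per file: result in each run, whether only the macro option fired, and the action."""
    on, off = parse(enabled_out), parse(disabled_out)
    return {
        path: {
            "enabled": on.get(path),
            "disabled": off.get(path),
            "macro_only": on.get(path) == MACRO_SIG and off.get(path) is None,
            "action": action(on.get(path)),
        }
        for path in sorted(set(on) | set(off))
    }

if __name__ == "__main__":
    for path, row in compare(ENABLED_RUN, DISABLED_RUN).items():
        print(path, row)
```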