[clamav-users] Encrypted Word doc/phishing attack
Alex
mysqlstudent at gmail.com
Wed Oct 5 14:37:18 EDT 2016
Hi,
>>> [root at mail-gw:/etc/clamd.d]$ cat scan.conf | grep OLE2BlockMacros
>>> OLE2BlockMacros no
>>>
>>> [root at mail-gw:/etc/clamd.d]$ cat scan-sa.conf | grep OLE2BlockMacros
>>> OLE2BlockMacros yes
>>
>>
>> Reindl, I appreciate your input, but I can't just outright reject docs
>> with macros. We're also talking about password-protected Word
>> documents here, not macro documents
>
> guess why i fixed the clamav-plugin for spamassassin and there are *two*
> instances like you can see above...
>
> reject is above 8.0 and the rest is done by bayes to avoid FP and other
> rules to make sure it's crap
Can you explain how you configured systemd to start two instances of
the same clamd binary using different config files?
Thanks,
Alex
>
> [root at mail-gw:/etc/mail/spamassassin]$ cat clamav.cf
> ifplugin Mail::SpamAssassin::Plugin::ClamAV
> full CLAMAV_JNK eval:check_clamav('/run/clamd/clamd-sa.sock')
> describe CLAMAV_JNK ClamAV detected malware/phishing/junk
> priority CLAMAV_JNK 800
> score CLAMAV_JNK 6.0
>
> full CLAMAV_MLW eval:check_clamav('/run/clamd/clamd.sock')
> describe CLAMAV_MLW ClamAV detected malware/phishing
> priority CLAMAV_MLW 800
> score CLAMAV_MLW 9.9
> endif
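One way to run two clamd instances from the same binary, as asked above, is a systemd template unit whose instance name selects the config file. This is an added example, not part of the original thread and not necessarily the setup the quoted poster used; the unit name, the `/usr/sbin/clamd` path and the PID file names are assumptions.

```ini
# /etc/systemd/system/clamd-instance@.service  (hypothetical unit name)
# One template unit; the instance name after "@" selects the config file,
# so "scan" and "scan-sa" become two independent clamd processes.
[Unit]
Description=clamd instance using /etc/clamd.d/%i.conf
After=network.target

[Service]
# clamd daemonizes by default, so systemd tracks the forked process.
Type=forking
# Binary path is an assumption; adjust to where the package installs clamd.
ExecStart=/usr/sbin/clamd -c /etc/clamd.d/%i.conf
Restart=on-failure

[Install]
WantedBy=multi-user.target

# Each config file must name its own socket and PID file, otherwise the
# second instance cannot bind. Socket paths are taken from clamav.cf in
# the thread; PID file names are assumed (clamd.conf syntax, shown here
# as comments):
#
#   /etc/clamd.d/scan.conf       OLE2BlockMacros no
#                                LocalSocket /run/clamd/clamd.sock
#                                PidFile     /run/clamd/clamd.pid
#
#   /etc/clamd.d/scan-sa.conf    OLE2BlockMacros yes
#                                LocalSocket /run/clamd/clamd-sa.sock
#                                PidFile     /run/clamd/clamd-sa.pid
#
# Start both instances:
#   systemctl daemon-reload
#   systemctl enable --now clamd-instance@scan clamd-instance@scan-sa
```

With this layout the strict instance (macros blocked) only feeds the 6.0-point `CLAMAV_JNK` rule, so a macro document alone stays below the 8.0 reject threshold mentioned in the thread, while a hit from the default instance scores 9.9 and rejects on its own.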