Quarantine doc Files only with Macros?
Dino Edwards
dino.edwards at mydirectmail.net
Fri Feb 24 11:04:29 CET 2017
I believe both of these have to be set to true in order for that to work
ScanOLE2 true
OLE2BlockMacros true
-----Original Message-----
From: amavis-users [mailto:amavis-users-bounces+dino.edwards=mydirectmail.net at amavis.org] On Behalf Of postmaster at wf-partner.com
Sent: Friday, February 24, 2017 2:08 AM
To: amavis-users at amavis.org
Subject: Re: Quarantine doc Files only with Macros?
I turned on "OLE2BlockMacros true", but a word file containing a macro virus was not classified as "INFECTED". I had renamed the file before sending a test mail.
Any ideas what could I do to get all files with macros to be quarantined?
Kind regards
Thomas
-----Original Message-----
> From: amavis-users
> [mailto:amavis-users-bounces+dino.edwards=mydirectmail.net at amavis.org]
> On Behalf Of Hoyer-Reuther, Christian Christian.Hoyer-Reuther at
> cac-chem.de wrote
> Sent: Wednesday, December 14, 2016 11:42 AM
> To: amavis-users at amavis.org
> Subject: Quarantine doc Files only with Macros?
>
> Hello Klaus,
>
> if you use ClamAV, then you can set it's option "OLE2BlockMacros true".
> This detects MS
> Office Macros regardless of the file extension. If a macro is found,
> then the file is classified as a virus ("INFECTED:
> Heuristics.OLE2.ContainsMacros").
>
> Regards,
>
> Christian
More information about the amavis-users
mailing list