Quarantine doc Files only with Macros?

Dino Edwards dino.edwards at mydirectmail.net
Fri Feb 24 17:11:34 CET 2017


Did you restart clamav? So you have two mailservers and they are both set in the clamav config files like below but one of them is blocking outbound OLE2 macro files and the other one only blocks incoming OLE2 macro files? Am I understanding this correctly?



-----Original Message-----
From: postmaster at wf-partner.com [mailto:postmaster at wf-partner.com] 
Sent: Friday, February 24, 2017 11:04 AM
To: Dino Edwards <dino.edwards at mydirectmail.net>
Cc: amavis-users at amavis.org; amavis-users <amavis-users-bounces+postmaster=wf-partner.com at amavis.org>
Subject: Re: Quarantine doc Files only with Macros?

Both are set. I had to restart service amavis-daemon I think. But now at one of two mailservers there is only outgoing mail blocked and at the other only incoming mail.

Strange!


On 2017-02-24 11:04, Dino Edwards wrote:
> I believe both of these have to be set to true in order for that to 
> work
> 
> ScanOLE2 true
> OLE2BlockMacros true
> 
> 
> -----Original Message-----
> From: amavis-users
> [mailto:amavis-users-bounces+dino.edwards=mydirectmail.net at amavis.org]
> On Behalf Of postmaster at wf-partner.com
> Sent: Friday, February 24, 2017 2:08 AM
> To: amavis-users at amavis.org
> Subject: Re: Quarantine doc Files only with Macros?
> 
> I turned on "OLE2BlockMacros true", but a word file containing a macro 
> virus was not classified as "INFECTED". I had renamed the file before 
> sending a test mail.
> 
> Any ideas what I could do to get all files with macros to be 
> quarantined?
> 
> Kind regards
> Thomas
> 
> -----Original Message-----
>> From: amavis-users
>> [mailto:amavis-users-bounces+dino.edwards=mydirectmail.net at amavis.org
>> ] On Behalf Of Hoyer-Reuther, Christian Christian.Hoyer-Reuther at 
>> cac-chem.de wrote
>> Sent: Wednesday, December 14, 2016 11:42 AM
>> To: amavis-users at amavis.org
>> Subject: Quarantine doc Files only with Macros?
>> 
>> Hello Klaus,
>> 
>> if you use ClamAV, then you can set its option "OLE2BlockMacros true".
>> This detects MS Office Macros regardless of the file extension. If a
>> macro is found, then the file is classified as a virus
>> ("INFECTED: Heuristics.OLE2.ContainsMacros").
>> 
>> Regards,
>> 
>> Christian
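
Added example, not part of the messages above: a small Python check that reads the clamd.conf of each mail server and reports whether `ScanOLE2` and `OLE2BlockMacros` are both effectively enabled, which is the precondition discussed in the thread. The host names and config texts are constructed; the defaults (ScanOLE2 on, OLE2BlockMacros off when absent) and the `AlertOLE2Macros` name used by ClamAV 0.101 and later are assumptions stated in the comments.

```python
# Added example: the configs below are constructed, not taken from the thread.
TRUE_VALUES = {"yes", "true", "1"}

# option -> (accepted names, assumed clamd default when the option is absent)
OPTIONS = {
    "ScanOLE2": (("ScanOLE2",), True),
    # ClamAV 0.101 and later name this option AlertOLE2Macros.
    "OLE2BlockMacros": (("OLE2BlockMacros", "AlertOLE2Macros"), False),
}

def active_lines(text):
    """Yield (name, value) for each uncommented, non-empty config line."""
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        yield parts[0], (parts[1].strip().lower() if len(parts) > 1 else "")

def effective(text):
    """Return {option: True/False/None}; None marks conflicting duplicates."""
    seen = {key: set() for key in OPTIONS}
    for name, value in active_lines(text):
        for key, (names, _default) in OPTIONS.items():
            if name in names:
                seen[key].add(value in TRUE_VALUES)
    result = {}
    for key, (_names, default) in OPTIONS.items():
        values = seen[key]
        if not values:
            result[key] = default          # option absent: fall back to default
        else:
            result[key] = values.pop() if len(values) == 1 else None
    return result

def compare(servers):
    """Return {host: [reasons macro files would not be flagged]}."""
    report = {}
    for host, text in servers.items():
        report[host] = [
            f"{opt} is {'ambiguous' if val is None else 'off'}"
            for opt, val in effective(text).items() if val is not True
        ]
    return report

MX1 = "# constructed sample\nScanOLE2 true\nOLE2BlockMacros true\n"
MX2 = "ScanOLE2 yes\n#OLE2BlockMacros true\n"   # option left commented out

if __name__ == "__main__":
    for host, problems in compare({"mx1": MX1, "mx2": MX2}).items():
        print(host, "OK" if not problems else "; ".join(problems))
```

An empty list for both hosts means the ClamAV settings match, so a difference between incoming and outgoing mail has to come from somewhere other than these two options.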

