Quarantine doc Files only with Macros?
Dino Edwards
dino.edwards at mydirectmail.net
Fri Feb 24 17:39:07 CET 2017
Strange indeed. Just spit balling here, is the $final_virus_destiny in amavis on both servers set the same? Do you have amavis policies set on the servers?
-----Original Message-----
From: postmaster at wf-partner.com [mailto:postmaster at wf-partner.com]
Sent: Friday, February 24, 2017 11:30 AM
To: Dino Edwards <dino.edwards at mydirectmail.net>
Cc: amavis-users at amavis.org; amavis-users <amavis-users-bounces+postmaster=wf-partner.com at amavis.org>
Subject: Re: Quarantine doc Files only with Macros?
You are right, we have two different linux servers with mailservers and they are both set in the clamav config files like below but one of them is blocking outbound OLE2 macro files and the other one only blocks incoming OLE2 marco files?
Services clamav-daemon and amavis were restarted.
> -----Original Message----- from Dino Edwards:
> Did you restart clamav? So you have two mailservers and they are both
> set in the clamav config files like below but one of them is blocking
> outbound OLE2 macro files and the other one only blocks incoming OLE2
> marco files? Am I understanding this correctly?
>
>
>
> -----Original Message-----
> From: postmaster at wf-partner.com [mailto:postmaster at wf-partner.com]
> Sent: Friday, February 24, 2017 11:04 AM
> To: Dino Edwards <dino.edwards at mydirectmail.net>
> Cc: amavis-users at amavis.org; amavis-users
> <amavis-users-bounces+postmaster=wf-partner.com at amavis.org>
> Subject: Re: Quarantine doc Files only with Macros?
>
> Both is set. I had to restart service amavis-daemon I think. But now
> at one of two mailservers there is only outgoing mail blocked and at
> the other only incoming mail.
>
> Strange!
>
>
> Am 2017-02-24 11:04, schrieb Dino Edwards:
>> I believe both of these have to be set to true in order for that to
>> work
>>
>> ScanOLE2 true
>> OLE2BlockMacros true
>>
>>
>> -----Original Message-----
>> From: amavis-users
>> [mailto:amavis-users-bounces+dino.edwards=mydirectmail.net at amavis.org
>> ] On Behalf Of postmaster at wf-partner.com
>> Sent: Friday, February 24, 2017 2:08 AM
>> To: amavis-users at amavis.org
>> Subject: Re: Quarantine doc Files only with Macros?
>>
>> I turned on "OLE2BlockMacros true", but a word file containing a
>> macro virus was not classified as "INFECTED". I had renamed the file
>> before sending a test mail.
>>
>> Any ideas what could I do to get all files with macros to be
>> quarantined?
>>
>> Kind regards
>> Thomas
>>
>> -----Original Message-----
>>> From: amavis-users
>>> [mailto:amavis-users-bounces+dino.edwards=mydirectmail.net at amavis.or
>>> g ] On Behalf Of Hoyer-Reuther, Christian Christian.Hoyer-Reuther at
>>> cac-chem.de wrote
>>> Sent: Wednesday, December 14, 2016 11:42 AM
>>> To: amavis-users at amavis.org
>>> Subject: Quarantine doc Files only with Macros?
>>>
>>> Hello Klaus,
>>>
>>> if you use ClamAV, then you can set it's option "OLE2BlockMacros
>>> true".
>>> This detects MS
>>> Office Macros regardless of the file extension. If a macro is found,
>>> then the file is classified as a virus ("INFECTED:
>>> Heuristics.OLE2.ContainsMacros").
>>>
>>> Regards,
>>>
>>> Christian
More information about the amavis-users
mailing list