Quarantine doc Files only with Macros?
postmaster at wf-partner.com
postmaster at wf-partner.com
Sat Feb 25 20:35:48 CET 2017
There is no difference in $final_virus_destiny ( = D_DISCARD;) an other
settings concerning virus.
I guess something with whitelisting or bypassing local mail senders.
> -----Original Message-----
> 2017-02-24 17:39, wrote Dino Edwards:
> Strange indeed. Just spit balling here, is the $final_virus_destiny in
> amavis on both servers set the same? Do you have amavis policies set
> on the servers?
>
>
>
> -----Original Message-----
> From: postmaster at wf-partner.com [mailto:postmaster at wf-partner.com]
> Sent: Friday, February 24, 2017 11:30 AM
> To: Dino Edwards <dino.edwards at mydirectmail.net>
> Cc: amavis-users at amavis.org; amavis-users
> <amavis-users-bounces+postmaster=wf-partner.com at amavis.org>
> Subject: Re: Quarantine doc Files only with Macros?
>
> You are right, we have two different linux servers with mailservers
> and they are both set in the clamav config files like below but one of
> them is blocking outbound OLE2 macro files and the other one only
> blocks incoming OLE2 marco files?
> Services clamav-daemon and amavis were restarted.
>
>> -----Original Message----- from Dino Edwards:
>> Did you restart clamav? So you have two mailservers and they are both
>> set in the clamav config files like below but one of them is blocking
>> outbound OLE2 macro files and the other one only blocks incoming OLE2
>> marco files? Am I understanding this correctly?
>>
>>
>>
>> -----Original Message-----
>> From: postmaster at wf-partner.com [mailto:postmaster at wf-partner.com]
>> Sent: Friday, February 24, 2017 11:04 AM
>> To: Dino Edwards <dino.edwards at mydirectmail.net>
>> Cc: amavis-users at amavis.org; amavis-users
>> <amavis-users-bounces+postmaster=wf-partner.com at amavis.org>
>> Subject: Re: Quarantine doc Files only with Macros?
>>
>> Both is set. I had to restart service amavis-daemon I think. But now
>> at one of two mailservers there is only outgoing mail blocked and at
>> the other only incoming mail.
>>
>> Strange!
>>
>>
>> Am 2017-02-24 11:04, schrieb Dino Edwards:
>>> I believe both of these have to be set to true in order for that to
>>> work
>>>
>>> ScanOLE2 true
>>> OLE2BlockMacros true
>>>
>>>
>>> -----Original Message-----
>>> From: amavis-users
>>> [mailto:amavis-users-bounces+dino.edwards=mydirectmail.net at amavis.org
>>> ] On Behalf Of postmaster at wf-partner.com
>>> Sent: Friday, February 24, 2017 2:08 AM
>>> To: amavis-users at amavis.org
>>> Subject: Re: Quarantine doc Files only with Macros?
>>>
>>> I turned on "OLE2BlockMacros true", but a word file containing a
>>> macro virus was not classified as "INFECTED". I had renamed the file
>>> before sending a test mail.
>>>
>>> Any ideas what could I do to get all files with macros to be
>>> quarantined?
>>>
>>> Kind regards
>>> Thomas
>>>
>>> -----Original Message-----
>>>> From: amavis-users
>>>> [mailto:amavis-users-bounces+dino.edwards=mydirectmail.net at amavis.or
>>>> g ] On Behalf Of Hoyer-Reuther, Christian Christian.Hoyer-Reuther at
>>>> cac-chem.de wrote
>>>> Sent: Wednesday, December 14, 2016 11:42 AM
>>>> To: amavis-users at amavis.org
>>>> Subject: Quarantine doc Files only with Macros?
>>>>
>>>> Hello Klaus,
>>>>
>>>> if you use ClamAV, then you can set it's option "OLE2BlockMacros
>>>> true".
>>>> This detects MS
>>>> Office Macros regardless of the file extension. If a macro is found,
>>>> then the file is classified as a virus ("INFECTED:
>>>> Heuristics.OLE2.ContainsMacros").
>>>>
>>>> Regards,
>>>>
>>>> Christian
More information about the amavis-users
mailing list