Quarantine doc Files only with Macros?

postmaster at wf-partner.com postmaster at wf-partner.com
Mon Feb 27 10:08:59 CET 2017


The test mail was cleaned by the PC antivirus program, hence this strange
behavior. Now I tested with another file and the mail was blocked every time.

Kind Regards
Thomas

On 2017-02-25 20:35, postmaster at wf-partner.com wrote:
> There is no difference in $final_virus_destiny ( = D_DISCARD;) and
> other settings concerning virus.
> 
> I guess something with whitelisting or bypassing local mail senders.
> 
>> -----Original Message-----
>> 2017-02-24 17:39, wrote Dino Edwards:
>> Strange indeed. Just spit balling here, is the $final_virus_destiny in
>> amavis on both servers set the same? Do you have amavis policies set
>> on the servers?
>> 
>> 
>> 
>> -----Original Message-----
>> From: postmaster at wf-partner.com [mailto:postmaster at wf-partner.com]
>> Sent: Friday, February 24, 2017 11:30 AM
>> To: Dino Edwards <dino.edwards at mydirectmail.net>
>> Cc: amavis-users at amavis.org; amavis-users
>> <amavis-users-bounces+postmaster=wf-partner.com at amavis.org>
>> Subject: Re: Quarantine doc Files only with Macros?
>> 
>> You are right, we have two different linux servers with mailservers
>> and they are both set in the clamav config files like below but one of
>> them is blocking outbound OLE2 macro files and the other one only
>> blocks incoming OLE2 macro files?
>> Services clamav-daemon and amavis were restarted.
>> 
>>> -----Original Message----- from Dino Edwards:
>>> Did you restart clamav? So you have two mailservers and they are both
>>> set in the clamav config files like below but one of them is blocking
>>> outbound OLE2 macro files and the other one only blocks incoming OLE2
>>> macro files? Am I understanding this correctly?
>>> 
>>> 
>>> 
>>> -----Original Message-----
>>> From: postmaster at wf-partner.com [mailto:postmaster at wf-partner.com]
>>> Sent: Friday, February 24, 2017 11:04 AM
>>> To: Dino Edwards <dino.edwards at mydirectmail.net>
>>> Cc: amavis-users at amavis.org; amavis-users
>>> <amavis-users-bounces+postmaster=wf-partner.com at amavis.org>
>>> Subject: Re: Quarantine doc Files only with Macros?
>>> 
>>> Both are set. I had to restart service amavis-daemon I think. But now
>>> at one of two mailservers there is only outgoing mail blocked and at
>>> the other only incoming mail.
>>> 
>>> Strange!
>>> 
>>> 
>>> On 2017-02-24 11:04, Dino Edwards wrote:
>>>> I believe both of these have to be set to true in order for that to
>>>> work
>>>> 
>>>> ScanOLE2 true
>>>> OLE2BlockMacros true
>>>> 
>>>> 
>>>> -----Original Message-----
>>>> From: amavis-users
>>>> [mailto:amavis-users-bounces+dino.edwards=mydirectmail.net at amavis.org]
>>>> On Behalf Of postmaster at wf-partner.com
>>>> Sent: Friday, February 24, 2017 2:08 AM
>>>> To: amavis-users at amavis.org
>>>> Subject: Re: Quarantine doc Files only with Macros?
>>>> 
>>>> I turned on "OLE2BlockMacros true", but a word file containing a
>>>> macro virus was not classified as "INFECTED". I had renamed the file
>>>> before sending a test mail.
>>>> 
>>>> Any ideas what I could do to get all files with macros to be
>>>> quarantined?
>>>> 
>>>> Kind regards
>>>> Thomas
>>>> 
>>>> -----Original Message-----
>>>>> From: amavis-users
>>>>> [mailto:amavis-users-bounces+dino.edwards=mydirectmail.net at amavis.org]
>>>>> On Behalf Of Hoyer-Reuther, Christian Christian.Hoyer-Reuther at cac-chem.de wrote
>>>>> Sent: Wednesday, December 14, 2016 11:42 AM
>>>>> To: amavis-users at amavis.org
>>>>> Subject: Quarantine doc Files only with Macros?
>>>>> 
>>>>> Hello Klaus,
>>>>> 
>>>>> if you use ClamAV, then you can set its option "OLE2BlockMacros
>>>>> true". This detects MS Office Macros regardless of the file
>>>>> extension. If a macro is found, then the file is classified as a
>>>>> virus ("INFECTED: Heuristics.OLE2.ContainsMacros").
>>>>> 
>>>>> Regards,
>>>>> 
>>>>> Christian
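
The check discussed in the thread, that both mail servers carry the same ClamAV macro settings, can be scripted. This is an added example, not part of any message above; the sample configs are constructed, and the defaults used for unset options (ScanOLE2 yes, OLE2BlockMacros no) are assumptions taken from the clamd.conf documentation.

```shell
#!/bin/sh
# Added example: report whether OLE2 macro blocking is effectively enabled
# in a clamd.conf, so the result can be compared between two servers.

# Print yes/no for a boolean option read from a clamd.conf on stdin.
# "ambiguous" = option set more than once, "invalid" = not a boolean value.
clamd_bool() {   # usage: clamd_bool OPTION DEFAULT < clamd.conf
    awk -v opt="$1" -v def="$2" '
        /^[ \t]*(#|$)/ { next }           # skip comments and blank lines
        $1 == opt { val = tolower($2); n++ }
        END {
            if (n == 0) val = def         # option not set: fall back to default
            if (n > 1) print "ambiguous"
            else if (val ~ /^(yes|true|1)$/) print "yes"
            else if (val ~ /^(no|false|0)$/) print "no"
            else print "invalid"
        }'
}

# Macro blocking needs both options on, as stated in the thread.
# Assumed defaults: ScanOLE2 yes, OLE2BlockMacros no.
macro_blocking() {   # usage: macro_blocking FILE
    scan=$(clamd_bool ScanOLE2 yes < "$1")
    block=$(clamd_bool OLE2BlockMacros no < "$1")
    if [ "$scan" = yes ] && [ "$block" = yes ]; then
        echo "on"
    else
        echo "off (ScanOLE2=$scan OLE2BlockMacros=$block)"
    fi
}

# Constructed sample configs standing in for the two mail servers.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# server A' 'ScanOLE2 true' 'OLE2BlockMacros true' > "$tmp/a.conf"
printf '%s\n' '# server B' 'ScanOLE2 true' '#OLE2BlockMacros true' > "$tmp/b.conf"

for f in "$tmp/a.conf" "$tmp/b.conf"; do
    echo "$(basename "$f"): macro blocking $(macro_blocking "$f")"
done
```

To use it on real servers, run `macro_blocking` against each server's own clamd.conf and compare the two lines of output.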

