Do not reject email for clamav Heuristics.OLE2.ContainsMacros event

Patrick Proniewski patrick.proniewski at
Wed Feb 19 15:05:48 CET 2020


I'm trying to prevent some OLE-based attacks with Amavisd-new + Clamav filtering, but setting Clamav to reject every single OLE document is doomed to failure: our users need to receive legitimate documents using OLE.

So I would like to set up Amavisd+Clamav so that when an attachment includes an OLE (i.e. when Heuristics.OLE2.ContainsMacros is triggered) I get proper notification, in logs for example, and the message gets delivered to its recipients, unless of course something else is triggered.

I've tried the solution exposed in <> but I'm not using any policy_bank on my MX servers and I failed to adapt the config snippet to make it work.

Any help appreciated!

(I'm subscribed to the digest, feel free to Cc me when you reply, thanks)

More information about the amavis-users mailing list