Strange indeed. Just spit balling here, is the $final_virus_destiny in amavis on both servers set the same? Do you have amavis policies set on the servers?
-----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Friday, February 24, 2017 11:30 AM To: Dino Edwards <[email protected]> Cc: [email protected]; amavis-users <[email protected]> Subject: Re: Quarantine doc Files only with Macros? You are right, we have two different linux servers with mailservers and they are both set in the clamav config files like below but one of them is blocking outbound OLE2 macro files and the other one only blocks incoming OLE2 marco files? Services clamav-daemon and amavis were restarted. > -----Original Message----- from Dino Edwards: > Did you restart clamav? So you have two mailservers and they are both > set in the clamav config files like below but one of them is blocking > outbound OLE2 macro files and the other one only blocks incoming OLE2 > marco files? Am I understanding this correctly? > > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > Sent: Friday, February 24, 2017 11:04 AM > To: Dino Edwards <[email protected]> > Cc: [email protected]; amavis-users > <[email protected]> > Subject: Re: Quarantine doc Files only with Macros? > > Both is set. I had to restart service amavis-daemon I think. But now > at one of two mailservers there is only outgoing mail blocked and at > the other only incoming mail. > > Strange! > > > Am 2017-02-24 11:04, schrieb Dino Edwards: >> I believe both of these have to be set to true in order for that to >> work >> >> ScanOLE2 true >> OLE2BlockMacros true >> >> >> -----Original Message----- >> From: amavis-users >> [mailto:[email protected] >> ] On Behalf Of [email protected] >> Sent: Friday, February 24, 2017 2:08 AM >> To: [email protected] >> Subject: Re: Quarantine doc Files only with Macros? >> >> I turned on "OLE2BlockMacros true", but a word file containing a >> macro virus was not classified as "INFECTED". I had renamed the file >> before sending a test mail. >> >> Any ideas what could I do to get all files with macros to be >> quarantined? >> >> Kind regards >> Thomas >> >> -----Original Message----- >>> From: amavis-users >>> [mailto:[email protected] >>> g ] On Behalf Of Hoyer-Reuther, Christian Christian.Hoyer-Reuther at >>> cac-chem.de wrote >>> Sent: Wednesday, December 14, 2016 11:42 AM >>> To: amavis-users at amavis.org >>> Subject: Quarantine doc Files only with Macros? >>> >>> Hello Klaus, >>> >>> if you use ClamAV, then you can set it's option "OLE2BlockMacros >>> true". >>> This detects MS >>> Office Macros regardless of the file extension. If a macro is found, >>> then the file is classified as a virus ("INFECTED: >>> Heuristics.OLE2.ContainsMacros"). >>> >>> Regards, >>> >>> Christian
