do you have amavis policy setup that may specify virus_lover set to Y set on the server that accepts the macro enabled document by any chance?
-----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Monday, February 27, 2017 4:09 AM To: Dino Edwards <[email protected]> Cc: [email protected]; amavis-users <[email protected]> Subject: Re: Quarantine doc Files only with Macros? The testmail was cleaned by PC antivirus program. Therefore this strange behavior. No I tested with another file and mail was blocked every time. Kind Regards Thomas Am 2017-02-25 20:35, schrieb [email protected]: > There is no difference in $final_virus_destiny ( = D_DISCARD;) an > other settings concerning virus. > > I guess something with whitelisting or bypassing local mail senders. > >> -----Original Message----- >> 2017-02-24 17:39, wrote Dino Edwards: >> Strange indeed. Just spit balling here, is the $final_virus_destiny >> in amavis on both servers set the same? Do you have amavis policies >> set on the servers? >> >> >> >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] >> Sent: Friday, February 24, 2017 11:30 AM >> To: Dino Edwards <[email protected]> >> Cc: [email protected]; amavis-users >> <[email protected]> >> Subject: Re: Quarantine doc Files only with Macros? >> >> You are right, we have two different linux servers with mailservers >> and they are both set in the clamav config files like below but one >> of them is blocking outbound OLE2 macro files and the other one only >> blocks incoming OLE2 marco files? >> Services clamav-daemon and amavis were restarted. >> >>> -----Original Message----- from Dino Edwards: >>> Did you restart clamav? So you have two mailservers and they are >>> both set in the clamav config files like below but one of them is >>> blocking outbound OLE2 macro files and the other one only blocks >>> incoming OLE2 marco files? Am I understanding this correctly? >>> >>> >>> >>> -----Original Message----- >>> From: [email protected] [mailto:[email protected]] >>> Sent: Friday, February 24, 2017 11:04 AM >>> To: Dino Edwards <[email protected]> >>> Cc: [email protected]; amavis-users >>> <[email protected]> >>> Subject: Re: Quarantine doc Files only with Macros? >>> >>> Both is set. I had to restart service amavis-daemon I think. But now >>> at one of two mailservers there is only outgoing mail blocked and at >>> the other only incoming mail. >>> >>> Strange! >>> >>> >>> Am 2017-02-24 11:04, schrieb Dino Edwards: >>>> I believe both of these have to be set to true in order for that to >>>> work >>>> >>>> ScanOLE2 true >>>> OLE2BlockMacros true >>>> >>>> >>>> -----Original Message----- >>>> From: amavis-users >>>> [mailto:[email protected] >>>> rg ] On Behalf Of [email protected] >>>> Sent: Friday, February 24, 2017 2:08 AM >>>> To: [email protected] >>>> Subject: Re: Quarantine doc Files only with Macros? >>>> >>>> I turned on "OLE2BlockMacros true", but a word file containing a >>>> macro virus was not classified as "INFECTED". I had renamed the >>>> file before sending a test mail. >>>> >>>> Any ideas what could I do to get all files with macros to be >>>> quarantined? >>>> >>>> Kind regards >>>> Thomas >>>> >>>> -----Original Message----- >>>>> From: amavis-users >>>>> [mailto:amavis-users-bounces+dino.edwards=mydirectmail.net@amavis. >>>>> or g ] On Behalf Of Hoyer-Reuther, Christian >>>>> Christian.Hoyer-Reuther at cac-chem.de wrote >>>>> Sent: Wednesday, December 14, 2016 11:42 AM >>>>> To: amavis-users at amavis.org >>>>> Subject: Quarantine doc Files only with Macros? >>>>> >>>>> Hello Klaus, >>>>> >>>>> if you use ClamAV, then you can set it's option "OLE2BlockMacros >>>>> true". >>>>> This detects MS >>>>> Office Macros regardless of the file extension. If a macro is >>>>> found, then the file is classified as a virus ("INFECTED: >>>>> Heuristics.OLE2.ContainsMacros"). >>>>> >>>>> Regards, >>>>> >>>>> Christian
