Am 24.08.2016 um 01:14 schrieb Alex:
I'm using clamav on fedora23 with amavisd-new and would like to tag each email that contains macros with Heuristics.OLE2.ContainsMacros. I've enabled OLE2BlockMacros, but it appears it actually lets them through instead of blocking them outright when this setting is made. What is the proper configuration of clamav to tag all emails with macro attachments with Heuristics.OLE2.ContainsMacros as well as block those emails with attachments that contain macro viruses?
clamav don't block or tag anything - that's better suited as a question at the amavisd-new list, however normally you raise the score to a level where amavisd-new or spamassassin starts to tag
_______________________
example of NON-AMAVIS setup with a non.default SA-plugin
cat /etc/mail/spamassassin/clamav.cf
ifplugin Mail::SpamAssassin::Plugin::ClamAV
full CLAMAV_JNK eval:check_clamav('/run/clamd/clamd-sa.sock')
describe CLAMAV_JNK ClamAV detected malware/phishing/junk
priority CLAMAV_JNK 800
score CLAMAV_JNK 6.0
full CLAMAV_MLW eval:check_clamav('/run/clamd/clamd.sock')
describe CLAMAV_MLW ClamAV detected malware/phishing
priority CLAMAV_MLW 800
score CLAMAV_MLW 9.9
endif
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
