Am 24.08.2016 um 21:37 schrieb Alex:
It appears that using OLE2BlockMacros causes attachments with macros, viruses or not, to just be marked by amavis with the Heuristics.OLE2.ContainsMacros. However, when it's set it no longer blocks them but forwards them on. Is this the intended behavior?"Heuristics.OLE2.ContainsMacros" does excatly what th eoption says - it hits on attachments which contain *any* macroIs there no way to configure it to mark emails with macro attachments and block the ones with macro attachments with viruses?known viruses are hit by signatures and so on - the whole purpose of Heuristics is to hit one *unknown* incarnationsI don't believe that's true
we are far away from believing here
When this option is set to Yes, the emails are tagged, but even emails with macro virus attachments are forwarded on, not blocked
problem is that you don't understand your mailsystem, clamd itself only hives back with signatures are hit and then the glue (amavis oder clamav-milter or something like that) makes decisions what happens with the message
this is NOT a clamav topic again: this is a amavis topic
For example, yesterday there were hundreds of the Sanesecurity.Badmacro.Doc.valloc virus received. The system with OLE2BlockMacros enabled forwarded these on to the user,
then fix your system which is *using* clamavon my spamassassin setup they hit clamd (one of 2 instances with different signatures and settings) and hence get 6.0 points - period
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
