On 05.10.2016 at 14:21, Alex wrote:
I'm starting to receive emails like this:

http://pastebin.com/HpvEcT9K

They're not being caught by clamav or other virus filters. Is it even
possible to catch encrypted Word docs with a virus scanner?

I'm using spamassassin on fedora with amavisd. Is there something that
can be done to at least tag them in some way so the end-user knows
it's a potential threat?

Reject attachments with macros, or add a clamd instance connected to the clamav-sa-plugin with a high score, as I told you after you asked exactly the same on the SA mailing list.

[root@mail-gw:/etc/clamd.d]$ cat scan.conf | grep OLE2BlockMacros
OLE2BlockMacros no

[root@mail-gw:/etc/clamd.d]$ cat scan-sa.conf | grep OLE2BlockMacros
OLE2BlockMacros yes


Content analysis details:   (8.2 points, 5.5 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.3 CUST_DNSWL_10_ORG_M    RBL: list.dnswl.org (Medium Trust)
                            [103.10.4.13 listed in list.dnswl.org]
 0.0 AXB_X_FF_SEZ_S         Forefront sez this is spam
-0.1 CUST_DNSWL_2_SENDERSC_L RBL: score.senderscore.com (Low Trust)
                            [103.10.4.13 listed in score.senderscore.com]
 1.5 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                            [score: 0.5000]
-0.1 CUST_DNSWL_3_JEF_L     RBL: hostkarma.junkemailfilter.com (Low Trust)
                            [103.10.4.13 listed in hostkarma.junkemailfilter.com]
 0.0 T_OBFU_ATTACH_MISSP    No description available.
 0.7 LOTS_OF_MONEY          Huge... sums of money
 6.0 CLAMAV_JNK             ClamAV detected malware/phishing/junk
                            [Heuristics.OLE2.ContainsMacros(fb03985a8486d4f897e28804b5a56f43:191355)]
 0.5 BOGOFILTER_PROB_SPAM   BOGOFILTER: No description available.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
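
An added example, not part of the original message and not code from ClamAV or SpamAssassin: a parser for the report format shown above that extracts the ClamAV signature and checks whether the clamd rule score alone pushed the message over the threshold. The function names and the subject tag strings are hypothetical, and the sample is abridged from the report in the message.

```python
import re

# Sample abridged from the report in the message above (header total kept as posted).
SAMPLE = """\
Content analysis details:   (8.2 points, 5.5 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.3 CUST_DNSWL_10_ORG_M    RBL: list.dnswl.org (Medium Trust)
                            [103.10.4.13 listed in list.dnswl.org]
 1.5 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                            [score: 0.5000]
 6.0 CLAMAV_JNK             ClamAV detected malware/phishing/junk

[Heuristics.OLE2.ContainsMacros(fb03985a8486d4f897e28804b5a56f43:191355)]
 0.5 BOGOFILTER_PROB_SPAM   BOGOFILTER: No description available.
"""

HEADER = re.compile(r"\((-?\d+(?:\.\d+)?) points, (-?\d+(?:\.\d+)?) required\)")
RULE = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z0-9_]+)\s+(.*)$")
# Signature detail as it appears on the page: [Name(md5:size)]
CLAM_SIG = re.compile(r"\[([\w.\-]+)\([0-9a-f]{32}:\d+\)\]")

def parse_report(text):
    """Return (total, required, rules); wrapped detail lines join the rule above."""
    total = required = None
    rules = []
    for line in text.splitlines():
        head, rule = HEADER.search(line), RULE.match(line)
        if head:
            total, required = float(head.group(1)), float(head.group(2))
        elif rule:
            rules.append({"pts": float(rule.group(1)), "name": rule.group(2),
                          "detail": rule.group(3).strip()})
        elif rules and line.strip():
            rules[-1]["detail"] += " " + line.strip()
    if total is None:
        raise ValueError("no score header found in report")
    return total, required, rules

def clamav_verdict(text):
    """Summarise ClamAV hits and whether they alone pushed the mail over threshold."""
    total, required, rules = parse_report(text)
    clam_rules = [r for r in rules if CLAM_SIG.search(r["detail"])]
    sigs = [s for r in clam_rules for s in CLAM_SIG.findall(r["detail"])]
    clam_pts = sum(r["pts"] for r in clam_rules)
    macro = "Heuristics.OLE2.ContainsMacros" in sigs
    return {"signatures": sigs, "macro_heuristic": macro,
            "flagged": total >= required,
            # True when the message would have passed without the ClamAV rule score
            "clamav_decisive": total >= required > total - clam_pts,
            # Hypothetical subject tag for end users; not a SpamAssassin default
            "tag": "[MACRO ATTACHMENT]" if macro else ("[MALWARE]" if sigs else "")}
```

On the sample, `clamav_decisive` is true: the remaining rules total 2.2 points against a 5.5 threshold, so the macro heuristic from the second clamd instance is what got the message flagged.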