Hi there,

On Fri, 22 Jan 2021, Chaminda Indrajith via clamav-users wrote:

> Mainly, we get these viruses via E-mail. ...

Can I assume that it's clamd which scans these emails?

> OLE2BlockMacros = "yes"

There are other settings which you might want to investigate. See for example the 'Alert...' options in the clamd.conf man page which mostly default to 'no'.

> mail/clamav-milter.conf not found

If you do not use clamav-milter, what takes the message from the mail server and presents it to clamd? Do you have evidence that clamd at least finds some threats (of whatever kind) in your incoming mail?

> Database information ...

A good selection of signatures. :)

> [root@mailin-04 ~]# cat /etc/redhat-release
> CentOS Linux release 7.9.2009 (Core)

Shame about CentOS. :(

> I can put the viruses in a FTP server and share them with you.

Please do. Please provide the files as complete original email messages, not just as the attached files (and let me know where I can find them of course. :)

> Usually, I forward the virus mails to Sanesecurity.

+1

You might want to send them to the ClamAV team too, and perhaps also to Securiteinfo - the maintainer of those signatures has occasionally asked on this list for samples to be sent to him. The ClamAV team is more interested in malware/phishing than spam. It can be onerous to make many submissions; I'm working on a system which automates it to some extent but it's not yet ready to publish.

> I hope that I have provided sufficient information for you.

We're getting there. :)

> Thanks for your support.

You're welcome.

--
73,
Ged.
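
The check suggested above (which 'Alert...' options are actually switched on) can be scripted. The following is an added example, not part of the original message or of ClamAV: it parses configuration output in the `Name = "value"` style quoted in the thread and lists the reviewed options by state. The sample text is constructed, and the `Name disabled` form for options that are off is an assumption about the output format.

```python
import re

# Constructed sample in the style of the output quoted in the thread
# (`Name = "value"`). The `Name disabled` form is an assumption.
SAMPLE = '''\
Config file: clamd.conf
-----------------------
OLE2BlockMacros = "yes"
AlertEncrypted disabled
AlertBrokenExecutables disabled
AlertExceedsMax disabled
ScanMail = "yes"
# a comment line
'''

# One option per line: either `Name = "value"` or `Name disabled`.
LINE = re.compile(r'^(\w+)\s+(?:=\s+"(.*)"|(disabled))\s*$')


def is_reviewed(name):
    """OLE2BlockMacros (from the thread) plus every option named Alert*."""
    return name == "OLE2BlockMacros" or name.startswith("Alert")


def parse_options(text):
    """Map option name -> value; headers, rules and comments are skipped."""
    opts = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            opts[m.group(1)] = "disabled" if m.group(3) else m.group(2)
    return opts


def audit(text):
    """Return (enabled, not_enabled) sorted lists of reviewed option names."""
    enabled, not_enabled = [], []
    for name, value in parse_options(text).items():
        if is_reviewed(name):
            (enabled if value.lower() == "yes" else not_enabled).append(name)
    return sorted(enabled), sorted(not_enabled)


if __name__ == "__main__":
    on, off = audit(SAMPLE)
    print("enabled:    ", ", ".join(on))
    print("not enabled:", ", ".join(off))
```

To use it on a real host, pass the saved `clamconf` output to `audit()` in place of `SAMPLE`.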
