Hi, On Wed, Apr 6, 2016 at 3:12 AM, <m...@junc.eu> wrote: > Alex skrev den 2016-04-06 02:40: > >> http://pastebin.com/FTzbQcHb >> >> The Heuristics.OLE2.ContainsMacros rule is added by amavisd+clamav, >> but it's apparently not something that spamassassin can manipulate > > change clamd to block this mail, or score this with highter score in > amavisd, but blocking only make sense if you use amavisd-milter so it would > reject if it contains macros, here i just use clamav-milter not amavisd > > its not spam, its really malware, handle is so is suggested
This one may be spam/malware, but the vast majority of them are not. Blocking all files with macros is an obvious solution, but not a good one. Is it even possible to use SA to create a rule based on whether it contains an attachment that has macros? At least then we could create more aggressive meta rules. Thanks, Alex