I believe both of these have to be set to true in order for that to work ScanOLE2 true OLE2BlockMacros true
-----Original Message----- From: amavis-users [mailto:amavis-users-bounces+dino.edwards=mydirectmail....@amavis.org] On Behalf Of postmas...@wf-partner.com Sent: Friday, February 24, 2017 2:08 AM To: amavis-users@amavis.org Subject: Re: Quarantine doc Files only with Macros? I turned on "OLE2BlockMacros true", but a word file containing a macro virus was not classified as "INFECTED". I had renamed the file before sending a test mail. Any ideas what could I do to get all files with macros to be quarantined? Kind regards Thomas -----Original Message----- > From: amavis-users > [mailto:amavis-users-bounces+dino.edwards=mydirectmail....@amavis.org] > On Behalf Of Hoyer-Reuther, Christian Christian.Hoyer-Reuther at > cac-chem.de wrote > Sent: Wednesday, December 14, 2016 11:42 AM > To: amavis-users at amavis.org > Subject: Quarantine doc Files only with Macros? > > Hello Klaus, > > if you use ClamAV, then you can set it's option "OLE2BlockMacros true". > This detects MS > Office Macros regardless of the file extension. If a macro is found, > then the file is classified as a virus ("INFECTED: > Heuristics.OLE2.ContainsMacros"). > > Regards, > > Christian