Am 24.08.2016 um 18:12 schrieb Alex:
I'm using clamav on fedora23 with amavisd-new and would like to tag each email that contains macros with Heuristics.OLE2.ContainsMacros. I've enabled OLE2BlockMacros, but it appears it actually lets them through instead of blocking them outright when this setting is made.What is the proper configuration of clamav to tag all emails with macro attachments with Heuristics.OLE2.ContainsMacros as well as block those emails with attachments that contain macro viruses?clamav don't block or tag anything - that's better suited as a question at the amavisd-new list, however normally you raise the score to a level where amavisd-new or spamassassin starts to tagI'm using clamav with amavis to block them outright. It appears that using OLE2BlockMacros causes attachments with macros, viruses or not, to just be marked by amavis with the Heuristics.OLE2.ContainsMacros. However, when it's set it no longer blocks them but forwards them on. Is this the intended behavior?
"Heuristics.OLE2.ContainsMacros" does excatly what th eoption says - it hits on attachments which contain *any* macro
Is there no way to configure it to mark emails with macro attachments and block the ones with macro attachments with viruses?
known viruses are hit by signatures and so on - the whole purpose of Heuristics is to hit one *unknown* incarnations
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
