> Try this:
> 1) Enable OLE2BlockMacros and restart clamd
> 2) Use clamdscan to test your sample message and note the results
> 3) Disable OLE2BlockMacros and restart clamd
> 4) Use clamdscan to test your sample message again and note these results
>
> Something else...

In amavisd-new there are virus_name_to_spam_score_maps

For example:
http://sanesecurity.com/support/problems/

If the setting to block macros is enabled in ClamAV and is actually hitting, it should hit with Heuristics.OLE2.ContainsMacros

But.. I don't think amavisd-new has a virus_name_to_spam_score_maps for Heuristics.OLE2.ContainsMacros so, it might let the email through but just mark it, instead of blocking it?

Eg...

# [ qr'^Heuristics\.OLE2\.ContainsMacros' => undef ],# keep as infected

Does that change things?

Cheers,

Steve
Web : sanesecurity.com
Twitter: @sanesecurity
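
The four-step test quoted at the top of this message, as an added shell example (not code from the thread or from the ClamAV project). The config path, restart command, settle delay and all function names are assumptions; adjust them to the local install.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: config path, restart command,
# settle time. Run as a user allowed to edit clamd.conf and restart clamd.
CLAMD_CONF="${CLAMD_CONF:-/etc/clamav/clamd.conf}"            # assumed path
RESTART_CMD="${RESTART_CMD:-systemctl restart clamav-daemon}" # assumed unit name
SETTLE="${SETTLE:-15}"   # assumed seconds for clamd to load its databases

# set_option FILE KEY VALUE: drop any active "KEY ..." line (comments are
# kept) and append "KEY VALUE", writing in place to preserve file ownership.
set_option() {
    grep -Ev "^[[:space:]]*$2([[:space:]]|\$)" "$1" > "$1.tmp" || true
    printf '%s %s\n' "$2" "$3" >> "$1.tmp"
    cat "$1.tmp" > "$1" && rm -f "$1.tmp"
}

# verdict: read clamdscan output on stdin; print the first signature name
# reported as FOUND, or "clean" for an OK line (nothing on a scan error).
verdict() {
    sed -n -E 's/^.*: (.+) FOUND$/\1/p; s/^.*: OK$/clean/p' | head -n 1
}

# scan_with yes|no SAMPLE: steps 1-2 (or 3-4) of the quoted procedure.
scan_with() {
    set_option "$CLAMD_CONF" OLE2BlockMacros "$1"
    $RESTART_CMD && sleep "$SETTLE"
    clamdscan --no-summary "$2" | verdict
}

# interpret ON OFF: classify the pair of verdicts from the two scans.
interpret() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo "scan-error"                # clamdscan gave no OK/FOUND line
    elif [ "$1" = "Heuristics.OLE2.ContainsMacros" ] && [ "$2" = "clean" ]; then
        echo "macro-heuristic-only"      # only the macro heuristic fires
    elif [ "$1" = "$2" ]; then
        echo "no-difference"             # the option does not change the verdict
    else
        echo "differs"                   # inspect both verdicts by hand
    fi
}

# ab_test SAMPLE: run both scans and print the verdicts with a summary.
ab_test() {
    on=$(scan_with yes "$1")
    off=$(scan_with no "$1")
    printf 'OLE2BlockMacros yes: %s\nOLE2BlockMacros no:  %s\n%s\n' \
        "$on" "$off" "$(interpret "$on" "$off")"
}
# Usage: ab_test /path/to/sample.eml
```

`ab_test` leaves `OLE2BlockMacros no` in the config, matching the end state of step 3; set it back afterwards if the option should stay enabled.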