Hi,

On Wed, Apr 6, 2016 at 12:14 PM, Matt Garretson <ma...@assembly.state.ny.us> wrote:
> On 4/5/2016 8:40 PM, Alex wrote:
>> These targeted macro viruses are killing us. I hoped someone would
>> [...]
>> What strategy are other people using to block zero-day macro viruses?
>
> I quarantine these before they get to SA with some logic in mimedefang
> that combines the OLE2 result from clamav with bogofilter scores and a
> couple arbitrary pattern matches that I update as needed.

Can you tell us more about the OLE2 result, and how you obtained it from clamav, in hopes I could do something similar with amavis?