Macro detection appears to be experimental in MailCleaner. There is no
configuration in the web interface that allows bypass or any other
adjustment.
By logging CLAMD rejects the SMTP level to messages arriving with
attached macros.
Filtering Engine:
Nov 25 16:29:18 antispam MailScanner[10768]: Clamd::INFECTED::
Heuristics.OLE2.ContainsMacros :: ./1iZK2u-0006hg-Bs/vbaProject.bin
Nov 25 16:29:18 antispam MailScanner[10768]: Clamd::INFECTED::
Heuristics.OLE2.ContainsMacros :: ./1iZK2u-0006hg-Bs/QCE 2019 -
v1.3.xlsm
Nov 25 16:29:18 antispam MailScanner[10768]: Infected message
1iZK2u-0006hg-Bs came from 209.85.167.170
---
Em 25/11/2019 09:01 PM, Paul Kosinski via clamav-users escreveu:
Can "Mailcleaner" be configured to let the emails through with a
warning appended if ClamAV finds a problem, rather than simply blocking
them? That would perhaps be safer than simply letting them through.
For example, we use procmail and clamscan-procfilter.pl (which I
modified a bit from the original) on our server to scan for viruses.
This filter simply adds a header line to the email if ClamAV found a
virus. Then a procmail rule blocks the email if there was a virus. In
your case, you could allow the email (but leave the warning) if it came
from your important sender (as determined by another procmail rule).
This might be a better approach as you would be informed if any emails
came from your important sender that *do* contain an apparent virus
(assuming hardly any do in fact contain possible viruses).
On Mon, 25 Nov 2019 19:56:27 -0300
Marcelo Leães via clamav-users <clamav-users@lists.clamav.net> wrote:
Of course I understand perfectly.
But salespeople use a lot of spreadsheets with macro automation.
I can not impact the customer business blocked everything.
Some reliable senders need to keep released.
Just as every day I receive multiple emails from other destinations
with spreadsheets and doc files clearly to exploit vulnerabilities.
Is there an option to implement this whitelist?
---
Em 25/11/2019 07:47 PM, Paul Kosinski via clamav-users escreveu:
> I don't think that *not* scanning email from certain senders is a
> good idea. You may trust the person, but that doesn't mean you
> should trust their computer, or, for that matter, the relay
> computers which forward the email to you. (This is relevant since
> any TLS applies only to the individual hops -- it isn't usually
> end-to-end.)
>
> Think of it like diseases: you may fully trust your friends, but
> your friends could still pass on any colds or flu they might have
> before their symptoms become obvious.
>
>
> On Mon, 25 Nov 2019 17:39:00 -0300
> Marcelo Leães via clamav-users <clamav-users@lists.clamav.net>
> wrote:
>
>> I'm sorry for english I'm using translator
>>
>> I use an antispam solution called Mailcleaner that comes with
>> Clamav as antivirus to scan incoming emails.
>>
>> I need to block macros in received word and excel documents, but
>> some remententes need to release this check.
>>
>> It is possible to have an exception list so that no emails or
>> domains are verified, for example:
>>
>> u...@domain.com
>> @ domain.net
>>
>> ?
>>
>>
>> ---
>>
>>
>> Em 25/11/2019 05:10 PM, G.W. Haywood via clamav-users escreveu:
>> > Hi there,
>> >
>> > On Mon, 25 Nov 2019, Marcelo Leães via clamav-users wrote:
>> >
>> >> I need to set up a whitelist with email addresses or wildcards
>> >> with domains that...
>> >
>> > Your requirements are unclear, please clarify. Are you
>> > intending to use ClamAV only for scanning mail, and if so do you
>> > wish to prevent scanning for certain senders? If so, then there
>> > are ways to do what you are asking, although I'm not sure that I
>> > would recommend it.
>> >
>> >> ... should not be verified by Clamav.
>> >
>> > I understand that you may not be writing in your first language.
>> >
>> > ClamAV does not 'verify' email addresses nor domains, but it can
>> > look into links which it finds in mail. Again, I'm not sure
>> > that I would generally recommend that.
>> >
>> >> I couldn't find any documentation available, how should I
>> >> proceed?
>> >
>> > All the documentation is available on the ClamAV Website, and if
>> > you install ClamAV on a computer, much of it will be installed
>> > there too.
>> >
>> > --
>> >
>> > 73,
>> > Ged.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
