HeuristicScanPrecedence No is broken with OLE2BlockMacros Yes.
It only applies to signatures being run against uncompressed macros.
If there is a hit on one of those signatures, that signature hit is returned
and not Heuristics.OLE2.ContainsMacros.
Otherwise Heuristics.OLE2.ContainsMacros is ret
On 8/25/2016 7:06 PM, Alex wrote:
Hi,
Try this:
1) Enable OLE2BlockMacros and restart clamd
2) Use clamdscan to test your sample message and note the results
3) Disable OLE2BlockMacros and restart clamd
4) Use clamdscan to test your sample message again and note these results
Very constructiv
Hi,
>>> Try this:
>>> 1) Enable OLE2BlockMacros and restart clamd
>>> 2) Use clamdscan to test your sample message and note the results
>>> 3) Disable OLE2BlockMacros and restart clamd
>>> 4) Use clamdscan to test your sample message again and note these results
Very constructive help, thank you.
Am 25.08.2016 um 20:39 schrieb Alex:
Maybe I should have stated my question more simply:
What is the purpose of the OLE2BlockMacros option? What happens when
it's set to "Yes"?
every message with an attachment containing macros hit clamd
What happens when it's set to "No"?
every message w
On Thu, August 25, 2016 9:20 pm, Dennis Peterson wrote:
>> I think the issue is that he wants to block recognized viruses, but
>> only mark heuristic matches.
>>
> That would be a scoring task in Amavisd.
>
Maybe...
# [ qr'^Heuristics\.OLE2\.ContainsMacros' => 0.1 ],
So, allocate a scor
On 8/25/2016 4:20 PM, Dennis Peterson wrote:
On 8/25/16 1:10 PM, Bowie Bailey wrote:
On 8/25/2016 3:10 PM, Steve Basford wrote:
Try this:
1) Enable OLE2BlockMacros and restart clamd
2) Use clamdscan to test your sample message and note the results
3) Disable OLE2BlockMacros and restart clamd
4)
On 8/25/16 1:10 PM, Bowie Bailey wrote:
On 8/25/2016 3:10 PM, Steve Basford wrote:
Try this:
1) Enable OLE2BlockMacros and restart clamd
2) Use clamdscan to test your sample message and note the results
3) Disable OLE2BlockMacros and restart clamd
4) Use clamdscan to test your sample message aga
On 8/25/2016 3:10 PM, Steve Basford wrote:
Try this:
1) Enable OLE2BlockMacros and restart clamd
2) Use clamdscan to test your sample message and note the results
3) Disable OLE2BlockMacros and restart clamd
4) Use clamdscan to test your sample message again and note these results
Something el
>
> Try this:
> 1) Enable OLE2BlockMacros and restart clamd
> 2) Use clamdscan to test your sample message and note the results
> 3) Disable OLE2BlockMacros and restart clamd
> 4) Use clamdscan to test your sample message again and note these results
>
>
Something else...
In amavisd-new there are
On 8/25/2016 2:39 PM, Alex wrote:
Hi,
When this option is set to Yes, the
emails are tagged, but even emails with macro virus attachments are
forwarded on, not blocked
problem is that you don't understand your mailsystem, clamd itself only
gives back with signatures are hit and then the glue (
In the source code for clamd this is found:
    if(optget(opts, "ScanOLE2")->enabled) {
        logg("OLE2 support enabled.\n");
        options |= CL_SCAN_OLE2;
        if(optget(opts, "OLE2BlockMacros")->enabled) {
            logg("OLE2: Blocking all VBA macros.\n");
            options |= CL_
On 8/25/2016 1:39 PM, Alex wrote:
> Hi,
>
>>> When this option is set to Yes, the
>>> emails are tagged, but even emails with macro virus attachments are
>>> forwarded on, not blocked
>>
>> problem is that you don't understand your mailsystem, clamd itself only
>> gives back with signatures are hi
Hi,
>> When this option is set to Yes, the
>> emails are tagged, but even emails with macro virus attachments are
>> forwarded on, not blocked
>
> problem is that you don't understand your mailsystem, clamd itself only
> gives back with signatures are hit and then the glue (amavis or
> clamav-mi
Am 24.08.2016 um 21:37 schrieb Alex:
It appears that using OLE2BlockMacros causes attachments with macros,
viruses or not, to just be marked by amavis with the
Heuristics.OLE2.ContainsMacros. However, when it's set it no longer
blocks them but forwards them on.
Is this the intended behavior?
ClamAV has no part in tagging, forwarding, or deleting. It simply tells the
calling process what the result of the scan was. It is left to the calling
process to deal with it per local policy.
dp
On 8/24/16 12:37 PM, Alex wrote:
Hi,
It appears that using OLE2BlockMacros causes attachments w
Alex wrote:
> Please don't send me to the amavis list - there must be someone who
> uses both clamav and amavis that understands what's happening here.
Much like SpamAssassin, Clamav in and of itself can only say "Matched
signature " or "Triggered heuristic test ", or "Didn't match
anything".
It'
Hi,
>> It appears that using OLE2BlockMacros causes attachments with macros,
>> viruses or not, to just be marked by amavis with the
>> Heuristics.OLE2.ContainsMacros. However, when it's set it no longer
>> blocks them but forwards them on.
>>
>> Is this the intended behavior?
>
> "Heuristics.OLE2
Am 24.08.2016 um 18:12 schrieb Alex:
I'm using clamav on fedora23 with amavisd-new and would like to tag
each email that contains macros with Heuristics.OLE2.ContainsMacros.
I've enabled OLE2BlockMacros, but it appears it actually lets them
through instead of blocking them outright when this set
Hi,
>> I'm using clamav on fedora23 with amavisd-new and would like to tag
>> each email that contains macros with Heuristics.OLE2.ContainsMacros.
>> I've enabled OLE2BlockMacros, but it appears it actually lets them
>> through instead of blocking them outright when this setting is made.
>>
>> Wha
Am 24.08.2016 um 01:14 schrieb Alex:
I'm using clamav on fedora23 with amavisd-new and would like to tag
each email that contains macros with Heuristics.OLE2.ContainsMacros.
I've enabled OLE2BlockMacros, but it appears it actually lets them
through instead of blocking them outright when this se
Hi,
I'm using clamav on fedora23 with amavisd-new and would like to tag
each email that contains macros with Heuristics.OLE2.ContainsMacros.
I've enabled OLE2BlockMacros, but it appears it actually lets them
through instead of blocking them outright when this setting is made.
What is the proper c
21 matches