Am 24.08.2016 um 21:37 schrieb Alex:
It appears that using OLE2BlockMacros causes attachments with macros,
viruses or not, to just be marked by amavis with the
Heuristics.OLE2.ContainsMacros. However, when it's set it no longer
blocks them but forwards them on.
Is this the intended behavior?
Hi,
>> When this option is set to Yes, the
>> emails are tagged, but even emails with macro virus attachments are
>> forwarded on, not blocked
>
> problem is that you don't understand your mailsystem, clamd itself only
> hives back with signatures are hit and then the glue (amavis oder
> clamav-mi
On 8/25/2016 1:39 PM, Alex wrote:
> Hi,
>
>>> When this option is set to Yes, the
>>> emails are tagged, but even emails with macro virus attachments are
>>> forwarded on, not blocked
>>
>> problem is that you don't understand your mailsystem, clamd itself only
>> hives back with signatures are hi
In the source code for clamd this is found:
if(optget(opts, "ScanOLE2")->enabled) {
logg("OLE2 support enabled.\n");
options |= CL_SCAN_OLE2;
if(optget(opts, "OLE2BlockMacros")->enabled) {
logg("OLE2: Blocking all VBA macros.\n");
options |= CL_
On 8/25/2016 2:39 PM, Alex wrote:
Hi,
When this option is set to Yes, the
emails are tagged, but even emails with macro virus attachments are
forwarded on, not blocked
problem is that you don't understand your mailsystem, clamd itself only
hives back with signatures are hit and then the glue (
>
> Try this:
> 1) Enable OLE2BlockMacros and restart clamd
> 2) Use clamdscan to test your sample message and note the results
> 3) Disable OLE2BlockMacros and restart clamd
> 4) Use clamdscan to test your sample message again and note these results
>
>
Something else...
In amavisd-new there are
On 8/25/2016 3:10 PM, Steve Basford wrote:
Try this:
1) Enable OLE2BlockMacros and restart clamd
2) Use clamdscan to test your sample message and note the results
3) Disable OLE2BlockMacros and restart clamd
4) Use clamdscan to test your sample message again and note these results
Something el
On 8/25/16 1:10 PM, Bowie Bailey wrote:
On 8/25/2016 3:10 PM, Steve Basford wrote:
Try this:
1) Enable OLE2BlockMacros and restart clamd
2) Use clamdscan to test your sample message and note the results
3) Disable OLE2BlockMacros and restart clamd
4) Use clamdscan to test your sample message aga
On 8/25/2016 4:20 PM, Dennis Peterson wrote:
On 8/25/16 1:10 PM, Bowie Bailey wrote:
On 8/25/2016 3:10 PM, Steve Basford wrote:
Try this:
1) Enable OLE2BlockMacros and restart clamd
2) Use clamdscan to test your sample message and note the results
3) Disable OLE2BlockMacros and restart clamd
4)
On Thu, August 25, 2016 9:20 pm, Dennis Peterson wrote:
>> I think the issue is that he wants to block recognized viruses, but
>> only mark heuristic matches.
>>
> That would be a scoring task in Amavisd.
>
Maybe...
# [ qr’^’^Heuristics\.OLE2\.ContainsMacros’ => 0.1 ],
So, allocate a scor
Am 25.08.2016 um 20:39 schrieb Alex:
Maybe I should have stated my question more simply:
What is the purpose of the OLE2BlockMacros option? What happens when
it's set to "Yes"?
every message with a attachment containing macros hit clamd
What happens when it's set to "No"?
every message w
Hi,
>>> Try this:
>>> 1) Enable OLE2BlockMacros and restart clamd
>>> 2) Use clamdscan to test your sample message and note the results
>>> 3) Disable OLE2BlockMacros and restart clamd
>>> 4) Use clamdscan to test your sample message again and note these results
Very constructive help, thank you.
12 matches
Mail list logo
