On 4/6/2016 3:23 PM, Alex wrote:
> Can you tell us more about the OLE2 result, and how you obtained it
> from clamav, in hopes I could do something similar with amavis?
IIRC, all you have to do is make sure your clamd.conf includes
these two settings:
ScanOLE2 yes
OLE2BlockMacros yes
The
On Wed, 6 Apr 2016, Alex wrote:
Hi,
On Wed, Apr 6, 2016 at 3:12 AM, wrote:
Alex skrev den 2016-04-06 02:40:
http://pastebin.com/FTzbQcHb
The Heuristics.OLE2.ContainsMacros rule is added by amavisd+clamav,
but it's apparently not something that spamassassin can manipulate
change clamd to
Hi,
On Wed, Apr 6, 2016 at 12:14 PM, Matt Garretson
wrote:
> On 4/5/2016 8:40 PM, Alex wrote:
>> These targeted macro viruses are killing us. I hoped someone would
>> [...]
>> What strategy are other people using to block zero-day macro viruses?
>
> I quarantine these before they get to SA with s
Hi,
On Wed, Apr 6, 2016 at 11:39 AM, John Hardin wrote:
> On Wed, 6 Apr 2016, Alex wrote:
>
>> Yes, blocking all .doc files would be tough for us. However, maybe a
>> rule that weights their existence them more heavily combined with
>> something involving finance+money+invoices would be helpful.
On 4/5/2016 8:40 PM, Alex wrote:
> These targeted macro viruses are killing us. I hoped someone would
> [...]
> What strategy are other people using to block zero-day macro viruses?
I quarantine these before they get to SA with some logic in mimedefang
that combines the OLE2 result from clamav wi
On Wed, 6 Apr 2016, Alex wrote:
Yes, blocking all .doc files would be tough for us. However, maybe a
rule that weights their existence them more heavily combined with
something involving finance+money+invoices would be helpful.
Would blocking with whitelist exceptions for expected sources work
Hi,
On Wed, Apr 6, 2016 at 9:56 AM, Reindl Harald wrote:
> Am 06.04.2016 um 15:53 schrieb RW:
>>
>> On Tue, 5 Apr 2016 20:40:20 -0400
>> Alex wrote:
>>
>>> These targeted macro viruses are killing us. I hoped someone would
>>> like to take a shot at suggestions on how to stop these.
>>>
>>> http:
Am 06.04.2016 um 15:53 schrieb RW:
On Tue, 5 Apr 2016 20:40:20 -0400
Alex wrote:
These targeted macro viruses are killing us. I hoped someone would
like to take a shot at suggestions on how to stop these.
http://pastebin.com/FTzbQcHb
The Heuristics.OLE2.ContainsMacros rule is added by amavi
On Tue, 5 Apr 2016 20:40:20 -0400
Alex wrote:
> Hi all,
>
> These targeted macro viruses are killing us. I hoped someone would
> like to take a shot at suggestions on how to stop these.
>
> http://pastebin.com/FTzbQcHb
>
> The Heuristics.OLE2.ContainsMacros rule is added by amavisd+clamav,
> bu
Hi,
On Wed, Apr 6, 2016 at 3:12 AM, wrote:
> Alex skrev den 2016-04-06 02:40:
>
>> http://pastebin.com/FTzbQcHb
>>
>> The Heuristics.OLE2.ContainsMacros rule is added by amavisd+clamav,
>> but it's apparently not something that spamassassin can manipulate
>
> change clamd to block this mail, or
Alex skrev den 2016-04-06 02:40:
http://pastebin.com/FTzbQcHb
The Heuristics.OLE2.ContainsMacros rule is added by amavisd+clamav,
but it's apparently not something that spamassassin can manipulate
change clamd to block this mail, or score this with highter score in
amavisd, but blocking only
Hi all,
These targeted macro viruses are killing us. I hoped someone would
like to take a shot at suggestions on how to stop these.
http://pastebin.com/FTzbQcHb
The Heuristics.OLE2.ContainsMacros rule is added by amavisd+clamav,
but it's apparently not something that spamassassin can manipulate
12 matches
Mail list logo
