On 4/6/2016 3:23 PM, Alex wrote:
> Can you tell us more about the OLE2 result, and how you obtained it
> from clamav, in hopes I could do something similar with amavis?
IIRC, all you have to do is make sure your clamd.conf includes
these two settings:
ScanOLE2 yes
OLE2BlockMacros yes
Then, according to the clamd.conf manpage, 'OLE2 files with VBA
macros, which were not detected by signatures will be marked as
"Heuristics.OLE2.ContainsMacros".'
Since I call clam from mimedefang, I just pattern-match for that hit
string and act accordingly.
We are getting a bit OT from SA, but hopefully that can help you get going.
