1

Topic: Blocking macros

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Deployed with iRedMail Easy or the downloadable installer?: Downloadable installer
- Linux/BSD distribution name and version: CentOS 7.7.1908
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB/MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro?: Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

The only post I found with the string "macro" in the subject is this one:

https://forum.iredmail.org/topic12419-f … ed-on.html

However, I don't have "OLE2BlockMacros" in my /etc/clamd.d/scan.conf file, which appears to be the "clamd.conf" file on my system.

How should I ensure that attachments containing macros are blocked, because it seems they are not.

Thanks.


Craig

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Blocking macros

Add it in file /etc/clamd.d/amavis.conf.

3

Re: Blocking macros

OK, thanks. Are the actions logged somewhere so that I can check that it's working?

4

Re: Blocking macros

ClamAV logs to /var/log/clamav/.

5

Re: Blocking macros

Hi Zhang,

Another old topic I am finally getting back to. I did add "OLE2BlockMacros yes" to the bottom of /etc/clamd.d/amavisd.conf (not amavis.conf, as I assumed that was an error) and restarted amavisd, but there is no log at /var/log/clamav/. I grepped /var/log/* for ClamAV output, but I didn't get any of the kind of output that I would have expected related to scanning attachments.

Any suggestions for somewhere else to find ClamAV logging? Thanks.


Craig

6

Re: Blocking macros

You should restart "clamd@amavisd" service instead of "amavisd".

7

Re: Blocking macros

Thanks for the suggestion, but that doesn't create any logs at /var/log/clamav/ . There are no logs at this location on my Pro server either.

8

Re: Blocking macros

Any related log in /var/log/messages?

9

Re: Blocking macros

The only ClamAV-related log lines in /var/log/messages seem to be these repeating twice a day:

Mar 19 05:02:09 nc036 freshclam[9744]: ClamAV update process started at Thu Mar 19 05:02:09 2020
Mar 19 05:02:09 nc036 freshclam[9744]: Your ClamAV installation is OUTDATED!
Mar 19 05:02:09 nc036 freshclam[9744]: Local version: 0.101.5 Recommended version: 0.102.2
Mar 19 05:02:09 nc036 freshclam[9744]: DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Mar 19 05:02:09 nc036 freshclam[9744]: main.cld is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
Mar 19 05:02:09 nc036 freshclam[9744]: daily.cld is up to date (version: 25755, sigs: 2225100, f-level: 63, builder: raynman)
Mar 19 05:02:09 nc036 freshclam[9744]: bytecode.cvd is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)