1 Topic by shinobi_b_92 (edited by shinobi_b_92 2020-04-06 17:24:58)

  • shinobi_b_92
  • Member
  • Offline
  • Registered: 2020-02-13
  • Posts: 23

Topic: Blocking macros using OLE2BlockMacros with ClamAV/Amavis

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.1 OPENLDAP edition (updated from 1.0)
- Deployed with iRedMail Easy or the downloadable installer? Downloadable installer
- Linux/BSD distribution name and version: Ubuntu (Server) 18.04.4 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I have OLE2BlockMacros set to true in my /etc/clamav/clamd.conf, but microsoft office files for example an *.xlsx file containing macros still comes through without being blocked by ClamAV/Amavis.

Here is the corresponding Amavis log (level 5): https://pastebin.com/pWZmCVHV

Here is also the infected file with macros: https://easyupload.io/uqt8g1


Do I need further configuration to block macros?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Blocking macros using OLE2BlockMacros with ClamAV/Amavis

You may need to turn on debug mode in ClamAV and try again.

3 Reply by shinobi_b_92 (edited by shinobi_b_92 2020-04-08 20:17:11)

  • shinobi_b_92
  • Member
  • Offline
  • Registered: 2020-02-13
  • Posts: 23

Re: Blocking macros using OLE2BlockMacros with ClamAV/Amavis

I have attached the ClamAV debug logs as a zip file...

Post's attachments

clamav_debug.zip 114.69 kb, 5 downloads since 2020-04-08 

You don't have the permssions to download the attachments of this post.