1

Topic: File with Word Macro not blocked despite OLE2BlockMacros turned on

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.6
- Linux/BSD distribution name and version: Debian 8u1 (Linux www 3.16.0-042stab116.2)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====

I set "OLE2BlockMacros true" in /etc/clamav/clamd.conf, but a file containing a Word macro is not classified as "INFECTED". What could be the reason?


2

Re: File with Word Macro not blocked despite OLE2BlockMacros turned on

I tried and it works.
Try to set:
OLE2BlockMacros yes

and restart clamav.

Please report back if that worked.

3 (edited by ThASattler 2017-02-27 20:23:14)

Re: File with Word Macro not blocked despite OLE2BlockMacros turned on

brix wrote:

Please report back if that worked.

Both work: "OLE2BlockMacros yes" and "OLE2BlockMacros true".

I had performed "service clamav-daemon force-reload", but this was not enough.

A mail containing a Word macro was classified INFECTED after I executed:

service clamav-daemon restart
service clamav-freshclam restart
service amavis restart

But now I'm puzzled: we run 2 mailservers; at one of them outgoing mail is banned and incoming mail is not, at the other one incoming mail is banned and outgoing is not.

Are there any settings or whitelists which could be the reason for this?

Edit: All is working fine - PC antivirus program cleaned testmail with Word macro.
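
Added example, not part of the thread and not iRedMail or ClamAV code: a small shell check that reports how OLE2BlockMacros is set in a clamd.conf-style file, so a commented-out or mistyped line is caught before testing with a mail. It assumes ClamAV's boolean spellings yes/true/1 and no/false/0 (case-insensitive) and, as a further assumption, takes the last uncommented occurrence; the function name `ole2_macro_setting` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the OLE2BlockMacros setting found in a clamd.conf-style file.
# Assumptions: yes/true/1 enable, no/false/0 disable (case-insensitive);
# when the option appears more than once, the last uncommented line is used.

ole2_macro_setting() {
    conf="$1"
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    awk '
        /^[ \t]*#/ { next }                    # ignore commented-out lines
        $1 == "OLE2BlockMacros" {
            sub(/\r$/, "", $2)                 # tolerate CRLF line endings
            val = tolower($2)
        }
        END {
            if (val == "yes" || val == "true" || val == "1")       print "enabled"
            else if (val == "no" || val == "false" || val == "0")  print "disabled"
            else if (val == "")                                    print "unset"
            else                                                   print "invalid"
        }
    ' "$conf"
}

# Constructed sample configuration (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample clamd.conf fragment
LogSyslog false
#OLE2BlockMacros false
OLE2BlockMacros true
EOF
echo "sample config: OLE2BlockMacros is $(ole2_macro_setting "$sample")"
rm -f "$sample"
```

On a real host the function would be called with /etc/clamav/clamd.conf, the path from the first post. It reads only the file; in the thread the setting took effect after the three service restarts, not after force-reload.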