Virus Parser

[Peter Lemieux]

We use ClamAV to handle those files with macros.  If you install a version of 
ClamAV alongside f-prot that provides the clamd server and configure 
MailScanner accordingly, you can change the directive in /etc/clamd.conf to read

ScanOLE2 yes
OLE2BlockMacros yes

then files with macros will be treated as malware.  The macros will not be 
stripped though.  The message will be quarantined by MailScanner like any 
other piece of malware.  In the organization I consult to, ordinary users have 
no need of files with macros, so blocking them all is the easiest solution. 
The recipient will get a notice that the message was quarantined, so you can 
pull the occasional legitimate file from there.

Peter


On 02/07/2016 07:17 PM, Moris Kod wrote:
> Where would one tweak the virus scanner parser for f-prot?   I'm trying to get
> MailScanner to strip macros off of word and excel documents.