Clamd does not detect all Macros.

Heino Backhaus heino.backhaus at
Wed Nov 9 09:51:48 UTC 2016


Again a virus (Word document virus) made its way through a ClamAV with

OLE2BlockMacros yes
in /etc/clamd.conf

For a long time we felt pretty safe with this option enabled. But now
obfuscated macros are going around and the only
option seems to be to block office documents in general, which is not really an
A database-based virus scanner is to be considered as an insecure filter
because of its
latency, which is a security risk, even if it's less than an hour. So
IMHO the only way to a
reliable email security is to block all executable code, which doesn't
work anymore...

What are you doing to block those kinds of viruses?

Heino Backhaus

"In retrospect it becomes clear that hindsight is definitely overrated!"
  -Alfred E. Neumann


More information about the MailScanner mailing list