Clamd does not detect all Makros.
Heino Backhaus
heino.backhaus at fink-computer.de
Wed Nov 9 09:51:48 UTC 2016
Hi,
again a Virus (Worddocument-Virus) made it's way through a clamav with
OLE2BlockMacros yes
in /etc/clamd.conf
For a long time we felt pretty save with this option enabled. But now
obfuscated Makros are going around and the only
option seems to block officedocuments in general, wich is not really an
option...
A database based Virusscanner is to be considered as an unsecure filter
because of it's
latancy, which is a security risk, even if it's less than an hour. So
imho. the only way to a
reliable email-security is to block all executable code, wich doesn't
work anymore...
what are you doing to block those kind of viruses?
--
Cheers
Heino Backhaus
"In retrospect it becomes clear that hindsight is definitely overrated!"
-Alfred E. Neumann
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20161109/91fe51ba/attachment.html>
More information about the MailScanner
mailing list