Rule set question, to bypass ClamAV

Support Support at
Mon Jun 12 20:25:51 UTC 2017

Hi there,

My 1st post.

Is it possible somehow to use a sender <-> recipient combination in the scan.messages.rules or virus.scanning.rules? I tried things like 'From: safe_sender at and To:trusted_recipient at' but that didn't work.

I want to do this to block all macro's in ClamAv for all users (or can this be user controlled??), while disabling virus scanning for users that need Office macro's. Or is there another way to allow macro's for some specific sender, recipient and/or the combination?

To my exprience most ransom ware originates from Office documents with macro's. Seems ClamAV even with all UnOfficial SIGS does not detect m all. Or does someone has a 100% catch ratio?

Any ideas welcome.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the MailScanner mailing list