Rule set question, to bypass ClamAV
Support at officeunlimited.nl
Mon Jun 12 20:25:51 UTC 2017
My 1st post.
Is it possible somehow to use a sender <-> recipient combination in the scan.messages.rules or virus.scanning.rules? I tried things like 'From: safe_sender at safe_domain.com and To:trusted_recipient at example.com' but that didn't work.
I want to do this to block all macro's in ClamAv for all users (or can this be user controlled??), while disabling virus scanning for users that need Office macro's. Or is there another way to allow macro's for some specific sender, recipient and/or the combination?
To my exprience most ransom ware originates from Office documents with macro's. Seems ClamAV even with all UnOfficial SIGS does not detect m all. Or does someone has a 100% catch ratio?
Any ideas welcome.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the MailScanner