Rule set question, to bypass ClamAV
richard at fastnet.co.uk
Tue Jun 13 15:31:39 UTC 2017
Your rule should work. Are you using tabs?
For example this should work -
From: somegoodsender at domain.com and To: *@mydomain.com no
From: MailScanner [mailto:mailscanner-bounces+richard=fastnet.co.uk at lists.mailscanner.info] On Behalf Of Support
Sent: Monday, June 12, 2017 21:26
To: mailscanner at lists.mailscanner.info
Subject: Rule set question, to bypass ClamAV
My 1st post.
Is it possible somehow to use a sender <-> recipient combination in the scan.messages.rules or virus.scanning.rules? I tried things like 'From: safe_sender at safe_domain.com<mailto:safe_sender at safe_domain.com> and To:trusted_recipient at example.com' but that didn't work.
I want to do this to block all macro's in ClamAv for all users (or can this be user controlled??), while disabling virus scanning for users that need Office macro's. Or is there another way to allow macro's for some specific sender, recipient and/or the combination?
To my exprience most ransom ware originates from Office documents with macro's. Seems ClamAV even with all UnOfficial SIGS does not detect m all. Or does someone has a 100% catch ratio?
Any ideas welcome.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the MailScanner