Rule set question, to bypass ClamAV

Richard Mealing richard at
Tue Jun 13 15:31:39 UTC 2017

Your rule should work. Are you using tabs?

For example this should work -

From:           somegoodsender at    and     To:     *      no

From: MailScanner [ at] On Behalf Of Support
Sent: Monday, June 12, 2017 21:26
To: mailscanner at
Subject: Rule set question, to bypass ClamAV

Hi there,

My 1st post.

Is it possible somehow to use a sender <-> recipient combination in the scan.messages.rules or virus.scanning.rules? I tried things like 'From: safe_sender at<mailto:safe_sender at> and To:trusted_recipient at' but that didn't work.

I want to do this to block all macro's in ClamAv for all users (or can this be user controlled??), while disabling virus scanning for users that need Office macro's. Or is there another way to allow macro's for some specific sender, recipient and/or the combination?

To my exprience most ransom ware originates from Office documents with macro's. Seems ClamAV even with all UnOfficial SIGS does not detect m all. Or does someone has a 100% catch ratio?

Any ideas welcome.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the MailScanner mailing list