From 260421448d564d60dfdbcdd1515d630a8ce0df29 Mon Sep 17 00:00:00 2001 From: eXtremeSHOK Date: Wed, 13 Feb 2019 09:50:29 +0200 Subject: [PATCH] Update clamd.conf AlertOLE2Macros, default should be set to NO With this option enabled OLE2 files containing VBA macros, which were NOT detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros". This causes most microsoft office document files which contains macros to be blocked. Majority of corporate documents mailed contain macros. When the option is set to NO, emails are still checked for known malicious macros. Due to any message failing clamav being set to a 2000 score, this causes all legitimate emails with harmless macros to be blocked. The default for debian/ubuntu is to set this to NO cPanel, iredmail, etc all have this option set to NO --- data/conf/clamav/clamd.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/conf/clamav/clamd.conf b/data/conf/clamav/clamd.conf index 9dd5dc40..0fe92e72 100644 --- a/data/conf/clamav/clamd.conf +++ b/data/conf/clamav/clamd.conf @@ -26,7 +26,7 @@ DetectPUA yes #IncludePUA RAT HeuristicAlerts yes ScanOLE2 yes -AlertOLE2Macros yes +AlertOLE2Macros no ScanPDF yes ScanSWF yes ScanXMLDOCS yes