Sanesecurity.Badmacro.Doc.vbfexe.UNOFFICIAL clamav false positive
I am currently having problems receiving emails from a customer because their attachments are triggering this rule in EXIM (Sanesecurity.Badmacro.Doc.vbfexe.UNOFFICIAL), so I was wondering if there is a way to disable only the problematic rule.
I did run the command "yum list installed | grep clamav-unofficial-sigs" but got no results. Also got no results when I run "yum list installed | grep Sanesecurity.Badmacro.Doc.vbfexe.UNOFFICIAL". However, I got this result when I did run "yum list installed | grep clamav":
    cpanel-clamav.x86_64 0.101.5-6.cp1186 installed
    cpanel-clamav-virusdefs.x86_64 0.101.5-6.cp1186 installed
Sorry about that - I double-checked the ClamAV tools, and while it is listed as "unofficial" it is still included in the main RPM. I don't have a way to whitelist the checks from ClamAV for a certain address/domain, so the only option would be to disable that in general on the machine, which is obviously not ideal.
I see, maybe it would be better to start thinking of contributing to ClamAV in order to have a better product for the good of everybody.
BTW, do you think this problem can be solved by compressing the files with ZIP or RAR tools?
It's possible! If the files are zipped first, it may not flag the same ClamAV rule.
They zipped the files before sending them via email but it didn't work. They are still being blocked.
Just as a test, if you disable ClamAV do the emails get through normally?
You mean the option in the attached picture?