How To Block Macros on Zimbra

Posted by

Below is step by step how to block macros in Microsoft Office Documents that sent as attachments in Zimbra

su - zimbra
vi /opt/zimbra/conf/clamd.conf.in

Add the following line at the bottom

OLE2BlockMacros yes

Save and restart freshclam

zmfreshclamctl restart

Please make sure amavis, antivirus and antispam services are enabled and running. If not, run the following command and restart Zimbra services

zmprov ms `zmhostname` +zimbraServiceEnabled amavis
zmprov ms `zmhostname` +zimbraServiceEnabled antispam
zmprov ms `zmhostname` +zimbraServiceEnabled antivirus
zmcontrol restart

Below is an example of a log when receiving an email that contains macro

Aug 26 22:08:39 mail amavis[14846]: (14846-01) Blocked INFECTED (Doc.Downloader.Sagent-9509377-0) {DiscardedInternal,Quarantined}, ORIGINATING/MYNETS LOCAL [192.XX.XX.XX]:52397  -> , quarantine: virus-quarantine.ftadxygb@example, Queue-ID: 1B94321DFA, Message-ID: <765303229.3436.1598454519051.JavaMail.zimbra@example>, mail_id: zC5Boc72xRnl, Hits: -, size: 312834, 353 ms

Good Luck 🙂

5 comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.