How To Block Macros on Zimbra

Posted by

Below is step by step how to block macros in Microsoft Office Documents that sent as attachments in Zimbra

su - zimbra
vi /opt/zimbra/conf/clamd.conf.in

Add the following line at the bottom

OLE2BlockMacros yes

Save and restart freshclam

zmfreshclamctl restart

Please make sure amavis, antivirus and antispam services are enabled and running. If not, run the following command and restart Zimbra services

zmprov ms `zmhostname` +zimbraServiceEnabled amavis
zmprov ms `zmhostname` +zimbraServiceEnabled antispam
zmprov ms `zmhostname` +zimbraServiceEnabled antivirus
zmcontrol restart

Below is an example of a log when receiving an email that contains macro

Aug 26 22:08:39 mail amavis[14846]: (14846-01) Blocked INFECTED (Doc.Downloader.Sagent-9509377-0) {DiscardedInternal,Quarantined}, ORIGINATING/MYNETS LOCAL [192.XX.XX.XX]:52397  -> , quarantine: virus-quarantine.ftadxygb@example, Queue-ID: 1B94321DFA, Message-ID: <765303229.3436.1598454519051.JavaMail.zimbra@example>, mail_id: zC5Boc72xRnl, Hits: -, size: 312834, 353 ms

Good Luck 🙂

11 comments

  1. hi

    some time its discard important email as well with proper file and domain . can you please let us know how to fix that .

  2. Hi,

    I did everything and still see macros from docx file going on

    This is what i did :
    OLE2BlockMacros yes

    And when i look at the logs :
    Fri Jun 28 03:21:27 2019 -> OLE2 support enabled.
    Fri Jun 28 03:26:14 2019 -> OLE2 support enabled.
    Thu Dec 30 09:56:54 2021 -> OLE2 support enabled.
    Thu Dec 30 11:37:55 2021 -> OLE2 support enabled.
    Wed Jan 5 10:10:31 2022 -> OLE2 support enabled.
    Wed Jan 5 10:10:31 2022 -> OLE2: Alerting on all VBA macros.

    Nothing more elsewhere

    Any tips ?
    Regards

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.