Below is step by step how to block macros in Microsoft Office Documents that sent as attachments in Zimbra
su - zimbra vi /opt/zimbra/conf/clamd.conf.in
Add the following line at the bottom
OLE2BlockMacros yes
Save and restart freshclam
zmfreshclamctl restart
Please make sure amavis, antivirus and antispam services are enabled and running. If not, run the following command and restart Zimbra services
zmprov ms `zmhostname` +zimbraServiceEnabled amavis zmprov ms `zmhostname` +zimbraServiceEnabled antispam zmprov ms `zmhostname` +zimbraServiceEnabled antivirus zmcontrol restart
Below is an example of a log when receiving an email that contains macro
Aug 26 22:08:39 mail amavis[14846]: (14846-01) Blocked INFECTED (Doc.Downloader.Sagent-9509377-0) {DiscardedInternal,Quarantined}, ORIGINATING/MYNETS LOCAL [192.XX.XX.XX]:52397-> , quarantine: virus-quarantine.ftadxygb@example, Queue-ID: 1B94321DFA, Message-ID: <765303229.3436.1598454519051.JavaMail.zimbra@example>, mail_id: zC5Boc72xRnl, Hits: -, size: 312834, 353 ms
Good Luck 🙂
Excellent
Will implement! 🙂
Thanks!
Thank you very much!
Maybe make exceptions for the required domains?
Hi Alexander,
This guidance applies to global. I haven’t know how to make an exceptions
hi
some time its discard important email as well with proper file and domain . can you please let us know how to fix that .
Hi,
You can disable macro check on ClamAV. So, the macros file can be accepted
Hello Iman,
I need to allow only text file attachment for single user it is possible?
Hi Sunil,
No, it is not. Blocking will apply to all users