[Rspamd-Users] Another question regarding oletools

Thomas Plant thomas at plant.systems
Thu Jul 11 07:14:35 UTC 2019


On 09.07.2019 at 19:42, Carsten Rosenberg wrote:
> Hey,
>
> We have an issue with the delayed_scan mode and postfilter symbols here.
>
> You stay with delayed_scan (oletools will only be called if the score is
> between 0 and 2*reject_score) using composites:
>
> OLETOOLS_C {
>   expression = "OLETOOLS";
>   score = 15.0;
> }
>
> Or you disable delayed_scan using
>
> delayed_scan = false;
> symbol_type = "normal";
>
> in the oletools block in external_services.conf
>
> --
> Carsten
>
> On 09.07.19 12:03, Thomas Plant via Users wrote:
>> Hi,
>>
>> I have another question about oletools. I do not get any score when
>> oletools discovers something bad in an office document. Shouldn't it
>> assign a score > 1 for the example below? In the rspamd symbols I see
>> the following:
>>
>> OLETOOLS(0.00){AutoExec + Suspicious (Workbook_Open,Shell,Chr);}
>>
>> And in local.d/external_services_group.conf I have:
>>
>> symbols = {
>>     "OLETOOLS" {
>>         weight = 1.1;
>>         description = "OLETOOLS found a Macro";
>>     }
>> }
>>
>> What am I getting wrong?
>>
>> Greetings,
>> Thomas
>>
Hi,

thanks for the answer. If I set 'delayed_scan = false;', will this impact
the speed of the other spam checks?


Thomas

