[clamav-users] Understanding OLE2BlockMacros

Noel Jones njones at megan.vbhcs.org
Thu Aug 25 14:49:23 EDT 2016

On 8/25/2016 1:39 PM, Alex wrote:
> Hi,
>>> When this option is set to Yes, the
>>> emails are tagged, but even emails with macro virus attachments are
>>> forwarded on, not blocked
>> problem is that you don't understand your mailsystem, clamd itself only
>> hives back with signatures are hit and then the glue (amavis oder
>> clamav-milter or something like that) makes decisions what happens with the
>> message
> No, I understand my mail system. You are assuming I don't understand
> the mail system because it's easy for you to answer in that way rather
> than look at the whole context of the post. I never said that I
> expected clamav to actually block the viruses itself. Of course I
> understand amavisd is responsible for that. In case there was some
> confusion before, let it be known I understand clamav is not
> responsible for the destiny of the email.
> I'm talking about the clamav option OLE2BlockMacros option. This is a
> clamav option, not an amavis option.
> Maybe I should have stated my question more simply:
> What is the purpose of the OLE2BlockMacros option? What happens when
> it's set to "Yes"? What happens when it's set to "No"?
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/contact.html#ml

Perhaps you missed this setting:

# Allow heuristic match to take precedence.
# When enabled, if a heuristic scan (such as phishingScan) detects
# a possible virus/phish it will stop scan immediately. Recommended,
saves CPU
# scan-time.
# When disabled, virus/phish detected by heuristic scans will be
reported only at
# the end of a scan. If an archive contains both a heuristically
# virus/phish, and a real malware, the real malware will be reported
# Keep this disabled if you intend to handle "*.Heuristics.*" viruses
# differently from "real" malware.
# If a non-heuristically-detected virus (signature-based) is found
# the scan is interrupted immediately, regardless of this config option.
# Default: no
#HeuristicScanPrecedence yes

More information about the clamav-users mailing list