[clamav-users] Understanding OLE2BlockMacros
Dennis Peterson
dennispe at inetnw.com
Thu Aug 25 19:00:20 UTC 2016
In the source code for clamd this is found:
if(optget(opts, "ScanOLE2")->enabled) {
logg("OLE2 support enabled.\n");
options |= CL_SCAN_OLE2;
if(optget(opts, "OLE2BlockMacros")->enabled) {
logg("OLE2: Blocking all VBA macros.\n");
options |= CL_SCAN_BLOCKMACROS;
}
} else {
logg("OLE2 support disabled.\n");
}
It would appear the option, of set, returns a positive hit for any VBA macro.
This action also requires ScanOLE2 option be enabled (which is the default).
dp
On 8/25/16 11:39 AM, Alex wrote:
> Hi,
>
>>> When this option is set to Yes, the
>>> emails are tagged, but even emails with macro virus attachments are
>>> forwarded on, not blocked
>> problem is that you don't understand your mailsystem, clamd itself only
>> hives back with signatures are hit and then the glue (amavis oder
>> clamav-milter or something like that) makes decisions what happens with the
>> message
> No, I understand my mail system. You are assuming I don't understand
> the mail system because it's easy for you to answer in that way rather
> than look at the whole context of the post. I never said that I
> expected clamav to actually block the viruses itself. Of course I
> understand amavisd is responsible for that. In case there was some
> confusion before, let it be known I understand clamav is not
> responsible for the destiny of the email.
>
> I'm talking about the clamav option OLE2BlockMacros option. This is a
> clamav option, not an amavis option.
>
> Maybe I should have stated my question more simply:
>
> What is the purpose of the OLE2BlockMacros option? What happens when
> it's set to "Yes"? What happens when it's set to "No"?
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list