[clamav-users] Understanding OLE2BlockMacros

Dennis Peterson dennispe at inetnw.com
Thu Aug 25 15:00:20 EDT 2016

In the source code for clamd this is found:

     if(optget(opts, "ScanOLE2")->enabled) {
         logg("OLE2 support enabled.\n");
         options |= CL_SCAN_OLE2;
         if(optget(opts, "OLE2BlockMacros")->enabled) {
             logg("OLE2: Blocking all VBA macros.\n");
             options |= CL_SCAN_BLOCKMACROS;
     } else {
         logg("OLE2 support disabled.\n");

It would appear the option, of set, returns a positive hit for any VBA macro. 
This action also requires ScanOLE2 option be enabled (which is the default).


On 8/25/16 11:39 AM, Alex wrote:
> Hi,
>>> When this option is set to Yes, the
>>> emails are tagged, but even emails with macro virus attachments are
>>> forwarded on, not blocked
>> problem is that you don't understand your mailsystem, clamd itself only
>> hives back with signatures are hit and then the glue (amavis oder
>> clamav-milter or something like that) makes decisions what happens with the
>> message
> No, I understand my mail system. You are assuming I don't understand
> the mail system because it's easy for you to answer in that way rather
> than look at the whole context of the post. I never said that I
> expected clamav to actually block the viruses itself. Of course I
> understand amavisd is responsible for that. In case there was some
> confusion before, let it be known I understand clamav is not
> responsible for the destiny of the email.
> I'm talking about the clamav option OLE2BlockMacros option. This is a
> clamav option, not an amavis option.
> Maybe I should have stated my question more simply:
> What is the purpose of the OLE2BlockMacros option? What happens when
> it's set to "Yes"? What happens when it's set to "No"?
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/contact.html#ml

More information about the clamav-users mailing list