[clamav-users] Understanding OLE2BlockMacros

Bowie Bailey Bowie_Bailey at BUC.com
Thu Aug 25 15:00:34 EDT 2016


On 8/25/2016 2:39 PM, Alex wrote:
> Hi,
>
>>> When this option is set to Yes, the
>>> emails are tagged, but even emails with macro virus attachments are
>>> forwarded on, not blocked
>> problem is that you don't understand your mailsystem, clamd itself only
>> gives back which signatures are hit and then the glue (amavis or
>> clamav-milter or something like that) makes decisions what happens with the
>> message
> No, I understand my mail system. You are assuming I don't understand
> the mail system because it's easy for you to answer in that way rather
> than look at the whole context of the post. I never said that I
> expected clamav to actually block the viruses itself. Of course I
> understand amavisd is responsible for that. In case there was some
> confusion before, let it be known I understand clamav is not
> responsible for the destiny of the email.
>
> I'm talking about the clamav OLE2BlockMacros option. This is a
> clamav option, not an amavis option.
>
> Maybe I should have stated my question more simply:
>
> What is the purpose of the OLE2BlockMacros option? What happens when
> it's set to "Yes"? What happens when it's set to "No"?

What seems to be missing from this discussion is any kind of concrete 
troubleshooting.

You say that when you enable OLE2BlockMacros that messages that should 
have been blocked by a third party signature are allowed through.  Do 
you have one of those messages saved that you can test with?

Try this:
1) Enable OLE2BlockMacros and restart clamd
2) Use clamdscan to test your sample message and note the results
3) Disable OLE2BlockMacros and restart clamd
4) Use clamdscan to test your sample message again and note these results

This will show you the difference in the results with OLE2BlockMacros 
enabled vs disabled and may help in determining the problem.

-- 
Bowie
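
The four-step comparison described in the message above, as an added example that is not part of the original post. The config path, the restart command and the backup file name are assumptions to adjust for your system; the script also waits for clamd to finish loading signatures after each restart and restores the original config at the end.

```bash
#!/usr/bin/env bash
# A/B test of OLE2BlockMacros against one saved sample message.
# Assumed, adjust for your system: config path and restart command.
CONF=${CONF:-/etc/clamav/clamd.conf}
RESTART=${RESTART:-systemctl restart clamav-daemon}

# set_ole2 FILE yes|no : replace any active OLE2BlockMacros line with one value
set_ole2() {
    _tmp=$(mktemp) || return 1
    sed -E '/^[[:space:]]*OLE2BlockMacros([[:space:]]|$)/d' "$1" > "$_tmp"
    printf 'OLE2BlockMacros %s\n' "$2" >> "$_tmp"
    cat "$_tmp" > "$1"      # overwrite in place, keeping owner and mode
    rm -f "$_tmp"
}

# scan_when_ready FILE : clamd needs time to load signatures after a restart,
# so retry while clamdscan reports an error (exit 2); 0 = clean, 1 = found
scan_when_ready() {
    for _try in 1 2 3 4 5 6 7 8 9 10 11 12; do
        _out=$(clamdscan --no-summary "$1" 2>&1); _rc=$?
        [ "$_rc" -ne 2 ] && break
        sleep 5
    done
    printf '%s\n' "$_out"
    return "$_rc"
}

# ab_test SAMPLE : steps 1-4 from the message, then restore the original config
ab_test() {
    cp -p "$CONF" "$CONF.abtest.bak" || return 1
    for _val in yes no; do
        set_ole2 "$CONF" "$_val" && $RESTART || break
        printf '== OLE2BlockMacros %s ==\n' "$_val"
        scan_when_ready "$1" || true
    done
    cat "$CONF.abtest.bak" > "$CONF" && rm -f "$CONF.abtest.bak" && $RESTART
}

# Run only when a sample path is given: ./ole2_ab.sh /path/to/sample.eml
if [ "$#" -gt 0 ]; then ab_test "$1"; fi
```

Run it as root with the saved message as the only argument and compare the two verdict lines it prints.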


