[clamav-users] Understanding OLE2BlockMacros
Steve Basford
steveb_clamav at sanesecurity.com
Thu Aug 25 19:10:51 UTC 2016
>
> Try this:
> 1) Enable OLE2BlockMacros and restart clamd
> 2) Use clamdscan to test your sample message and note the results
> 3) Disable OLE2BlockMacros and restart clamd
> 4) Use clamdscan to test your sample message again and note these results
>
>
Something else...
In amavisd-new there are virus_name_to_spam_score_maps
For example:
http://sanesecurity.com/support/problems/
If the setting to block macros is enable in ClamAV and is actually hitting,
it should hit with Heuristics.OLE2.ContainsMacros
But.. I don't think amavisd-new has a virus_name_to_spam_score_maps for
Heuristics.OLE2.ContainsMacros so, it might let the email through but
just mark it, instead of blocking it?
Eg...
# [ qr’^Heuristics\.OLE2\.ContainsMacros’
=> undef ],# keep as infected
Does that change things?
Cheers,
Steve
Web : sanesecurity.com
Twitter: @sanesecurity
More information about the clamav-users
mailing list