[clamav-users] No notice of OLE2.ContainsMacros
Mark Foley
mfoley at novatec-inc.com
Mon Dec 19 13:36:59 UTC 2016
Before I submit a bug report on this, I thought I'd see if any list members have ideas.
I'm running clamav 0.99.2 on Linux Slackware64 14.1. I'm running clamav-milter
for sendmail. I have "OLE2BlockMacros yes" set in /usr/local/etc/clamd.conf.
This is working fine, I get:
fd[10]: Heuristics.OLE2.ContainsMacros(fa7491778b806ca1fdc4a809ea3213d5:47944) FOUND
in /var/log/clamd.log when it finds such macros, and the email is put in the
quarantine mail queue.
My problem is that when I run clamscan manually I can never see these files as
having blocked macros. I've tried all the switch settings I can think of,
especially --block-macros=yes, but I get nothing, e.g.:
$ clamscan -a -v -z --block-macros=yes /var/spool/mqueue/dfuBJBh64e020058
Scanning /var/spool/mqueue/dfuBJBh64e020058
/var/spool/mqueue/dfuBJBh64e020058: OK
----------- SCAN SUMMARY -----------
Known viruses: 5304016
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.09 MB
Data read: 0.04 MB (ratio 2.00:1)
Time: 5.775 sec (0 m 5 s)
This message is in the quarantine mail queue and got there because
clamav-milter/clamd found a macro -- which it logged in /var/log/clamd.log, but
I cannot get clamscan to output any indication of this condition. I always get
"Infected files: 0" -- nothing about macros.
Is there something I can do, or is this just a bug?
THX - Mark