[clamav-users] No notice of OLE2.ContainsMacros
Mark Foley
mfoley at novatec-inc.com
Wed Dec 21 00:32:43 UTC 2016
On Tue, 20 Dec 2016 17:26:10 "G.W. Haywood" wrote:
> To: clamav-users at lists.clamav.net
> Subject: Re: [clamav-users] No notice of OLE2.ContainsMacros
>
> On Tue, 20 Dec 2016, Mark Foley wrote:
>
> > ... running clamscan --block-macros=yes does find the
> > "ContainsMacros" notice. ... (if I specify --block-macros=yes,
> > apparently the settings in /usr/local/etc/clamd.conf aren't used).
>
> Check the documentation. The settings in clamd.conf are for clamd.
> They are never used by clamscan. They will be used by clamd when
> is it responding to requests from clamdscan. Note the distinction
> between clamscan and clamdscan.
My clamscan documentation doesn't mention config files at all and the clamd doc
doesn't explictly say its config *is not* used for other clamXX modules, so I
didn't know for sure.
I did not know about clamdscan! Thanks for that info. I've replaced clamscan
with clamdscan in my script for 2 reasons: First, while clamscan with the
--block-macros=yes switch did work for .doc[x|m] quarantined messaged, it found
macro enabled .xls files to be OK -- clamd quarantined these as well. Therefore,
clamdscan does a better job of finding these macro-enabled files. Secondly,
clamdscan *will* use the /usr/local/etc/clamd.conf, so I have only one place to
worry about config settings.
Thanks! --Mark
More information about the clamav-users
mailing list