[clamav-users] CryLocker and Cryptolocker

Reindl Harald h.reindl at thelounge.net
Wed Sep 14 18:51:33 EDT 2016



On 14.09.2016 at 17:47, Alex wrote:
> The problem with setting OLE2BlockMacros to yes is that if you don't
> implement your own signatures against macro code, setting
> OLE2BlockMacros Yes effectively causes Heuristics.OLE2.ContainsMacros
> to be returned and disables all official and unofficial signatures.
> If OLE2BlockMacros is Yes then the only option is to treat every file
> with macros as a virus and eg discard if you want to block the files
> that do contain a macro virus, as outlined by David Shrimpton on this
> list a few weeks ago

which is the whole point

it's impossible to get them all caught with signatures because they 
change all the time and so if you want to be sure you need to treat 
every office macro as bad - they don't belong in emails these days

frankly i have seen companies blocking every .doc and .xls attachment 
with a reject info that you should use .docx and .xlsx because they 
can't contain macros (would be .docm for the new formats)
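
An added example, not part of the original post and not ClamAV code: a sketch of the attachment policy described above that checks content as well as the file name, so a legacy OLE2 file renamed to .docx, or an OOXML container carrying a VBA project, is still rejected. The function names, verdict strings and the inclusion of .xlsm are assumptions; the sample attachments are constructed.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # OLE2 compound file header
LEGACY_EXT = (".doc", ".xls")                    # formats the post describes rejecting
MACRO_OOXML_EXT = (".docm", ".xlsm")             # .xlsm added here as an assumption


def has_vba_part(data):
    """True if the data is a ZIP/OOXML container holding a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False


def attachment_verdict(filename, data):
    """Hypothetical policy: decide on name and on content, whichever is stricter."""
    name = filename.lower()
    # The magic check also matches other OLE2 containers (for example .msi, .ppt).
    if data.startswith(OLE2_MAGIC) or name.endswith(LEGACY_EXT):
        return "reject: legacy OLE2 format, resend as .docx/.xlsx"
    if name.endswith(MACRO_OOXML_EXT) or has_vba_part(data):
        return "reject: macro-enabled OOXML"
    return "accept"


def _make_zip(parts):
    """Build a constructed ZIP with the given member names (not a valid document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for p in parts:
            z.writestr(p, b"constructed")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "plain.docx": _make_zip(["word/document.xml"]),
        "renamed.docx": OLE2_MAGIC + b"\x00" * 8,
        "hidden.docx": _make_zip(["word/document.xml", "word/vbaProject.bin"]),
        "old.xls": OLE2_MAGIC + b"\x00" * 8,
    }
    for fname, blob in samples.items():
        print(fname, "->", attachment_verdict(fname, blob))
```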


