[clamav-users] CryLocker and Cryptolocker

Matus UHLAR - fantomas uhlar at fantomas.sk
Thu Sep 15 04:12:49 EDT 2016


>On 14.09.2016 at 17:47, Alex wrote:
>>The problem with setting OLE2BlockMacros to yes is that if you don't
>>implement your own signatures against macro code, setting
>>OLE2BlockMacros Yes effectively causes Heuristics.OLE2.ContainsMacros
>>to be returned and disables all official and unofficial signatures.
>>If OLE2BlockMacros is Yes then the only option is to treat every file
>>with macros as a virus and eg discard if you want to block the files
>>that do contain a macro virus, as outlined by David Shrimpton on this
>>list a few weeks ago

On 15.09.16 00:51, Reindl Harald wrote:
>which is the whole point
>
>it's impossible to get them all caught with signatures because they
>change all the time and so if you want to be sure you need to treat
>every office macro as bad - they don't belong in emails these days
>
>frankly i have seen companies blocking every .doc and .xls attachment
>with a reject info that you should use .docx and .xlsx because they
>can't contain macros (would be .docm for the new formats)

.docm is docx with macros, so they would want to block them too :-)
-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
It's now safe to throw off your computer.
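
Added illustration, not part of the original message and not ClamAV code: since .docm is a .docx with macros, a filter applying the blocking policy discussed in this thread has to decide on content rather than on the file extension. The function names and the constructed sample files below are hypothetical; the check assumes a macro-enabled OOXML file carries a vbaProject.bin part inside its ZIP container.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container


def classify_attachment(data):
    """Classify by content: 'ole2', 'ooxml-macro', 'ooxml-clean' or 'other'."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "other"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return "other"  # a ZIP, but not an OOXML package
        for name in names:
            # VBA code lives in word/, xl/ or ppt/ as vbaProject.bin
            if name.rsplit("/", 1)[-1].lower() == "vbaproject.bin":
                return "ooxml-macro"
    return "ooxml-clean"


def policy(data):
    """Thread's policy: reject legacy OLE2 and any OOXML carrying macros."""
    kind = classify_attachment(data)
    return "reject" if kind in ("ole2", "ooxml-macro") else "accept"


def make_sample(with_macro):
    """Constructed minimal OOXML-like package, for demonstration only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\x00" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    # The attachment name is deliberately ignored: a .docm renamed to .docx
    # is still classified by what it contains.
    for label, blob in [("report.docx", make_sample(False)),
                        ("invoice.docx (really .docm)", make_sample(True)),
                        ("old.doc", OLE2_MAGIC + b"\x00" * 504)]:
        print(label, classify_attachment(blob), policy(blob))
```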
