In the source code for clamd this is found:
if(optget(opts, "ScanOLE2")->enabled) {
logg("OLE2 support enabled.\n");
options |= CL_SCAN_OLE2;
if(optget(opts, "OLE2BlockMacros")->enabled) {
logg("OLE2: Blocking all VBA macros.\n");
options |= CL_SCAN_BLOCKMACROS;
}
} else {
logg("OLE2 support disabled.\n");
}
It would appear the option, of set, returns a positive hit for any VBA macro.
This action also requires ScanOLE2 option be enabled (which is the default).
dp
On 8/25/16 11:39 AM, Alex wrote:
Hi,
When this option is set to Yes, the
emails are tagged, but even emails with macro virus attachments are
forwarded on, not blocked
problem is that you don't understand your mailsystem, clamd itself only
hives back with signatures are hit and then the glue (amavis oder
clamav-milter or something like that) makes decisions what happens with the
message
No, I understand my mail system. You are assuming I don't understand
the mail system because it's easy for you to answer in that way rather
than look at the whole context of the post. I never said that I
expected clamav to actually block the viruses itself. Of course I
understand amavisd is responsible for that. In case there was some
confusion before, let it be known I understand clamav is not
responsible for the destiny of the email.
I'm talking about the clamav option OLE2BlockMacros option. This is a
clamav option, not an amavis option.
Maybe I should have stated my question more simply:
What is the purpose of the OLE2BlockMacros option? What happens when
it's set to "Yes"? What happens when it's set to "No"?
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml