Am 14.09.2016 um 17:47 schrieb Alex:
The problem with setting OLE2BlockMacros to yes is that if you don't
implement your own signatures against macro code, setting
OLE2BlockMacros Yes effectively causes Heuristics.OLE2.ContainsMacros
to be returned and disables all official and unofficial signatures.
If OLE2BlockMacros is Yes then the only option is to treat every file
with macros as a virus and eg discard if you want to block the files
that do contain a macro virus, as outlined by David Shrimpton on this
list a few weeks ago
On 15.09.16 00:51, Reindl Harald wrote:
which is the whole point
it's impossible to get them all catched with sgnatures because they
change all the time and so if you want to be sure you need to treat
every office macro as bad - they don't belong into emails these days
frankly i have seen companies blocking every .doc and .xls attachment
with a reject info that you should use .docx and .xslx becasue they
can't contain macros (would be .docm for the new formats)
.docm is docx with macros, so they would want to block them too :-)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
It's now safe to throw off your computer.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
