[clamav-users] ScanOLE2 yes disables macro virus detection

2016-02-07 Thread David Shrimpton
Hi, I found some problems with the way clamav handles OLE2 containers. This is causing many macro virus signatures to not work and many viruses to be missed: If ScanOLE2 is set to yes, clamav only appears to scan the decompressed macro files in OLE2 containers. It does not scan any of the other

Re: [clamav-users] New request created with ID: ##136## from Steve basford

2016-02-07 Thread Walter H.
On 07.02.2016 14:03, Steve Basford wrote: On Sun, February 7, 2016 9:08 am, Walter H. wrote: On 04.02.2016 00:55, G wrote: /\ invalid e-mail address No idea where the above header comes from, other than a "person" called "G" A new request with request id 136 has

Re: [clamav-users] New request created with ID: ##136## from Steve basford

2016-02-07 Thread Walter H.
On 07.02.2016 11:20, Al Varnell wrote: I have no idea where that message from vuln-watch could have come from, but the original that Steve sent to the list and directly to you on Jan 18 can be seen at: no this is another

Re: [clamav-users] New request created with ID: ##136## from Steve basford

2016-02-07 Thread Walter H.
On 07.02.2016 11:44, Al Varnell wrote: And it’s not my system, I meant the ClamAV system itself or any other system involved in generating any kind of signatures usable by ClamAV...

Re: [clamav-users] New request created with ID: ##136## from Steve basford

2016-02-07 Thread Al Varnell
Walter, I understood that you were talking about a Feb 4 message, and I told you that I have no idea where it came from or who vuln-watch might be. I’ve never seen a message like that before, so I can’t tell you anything about how it might have been generated or how you ended up with it. All

Re: [clamav-users] New request created with ID: ##136## from Steve basford

2016-02-07 Thread Steve Basford
On Sun, February 7, 2016 9:08 am, Walter H. wrote:
> On 04.02.2016 00:55, G wrote:
> /\
> invalid e-mail address
No idea where the above header comes from, other than a "person" called "G"
>> A new request with request id 136 has been created by Steve basford.
>>

Re: [clamav-users] ScanOLE2 yes disables macro virus detection

2016-02-07 Thread Steve Basford
On Sun, February 7, 2016 8:30 am, David Shrimpton wrote:
> Hi,
>
>
> But most of the badmacro or other unofficial virus signatures written to
> detect macro virus are written against the container itself which has the
> compressed macro code in it. They are not written against the
> uncompressed

Re: [clamav-users] ScanOLE2 yes disables macro virus detection

2016-02-07 Thread David Shrimpton
Hi Steve, When I scan the file with any of:
  clamscan -z --scan-ole2=no --database=badmacro.ndb
  clamscan -z --scan-ole2=yes --database=badmacro.ndb
  clamscan -z --scan-ole2=no
13 signatures from badmacro.ndb are detected. But when I scan the file with
  clamscan -z --scan-ole2=yes
no signatures