ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
OLE2BlockMacros does not work properly
binkle


Joined: 11 Jul 2013
Posts: 7
Reply with quote
Hi,
to test optoin I created a simply Word (2016) document containing a simple test macro.
ClamWin does not detect it.

Any ideas?

Greetings Harry
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4335
Location: USA
Reply with quote
If your macro doesn't appear malicious, ClamWin (with the Clam AV scan engine and virus signatures) will not detect it. Try the EICAR virus instead--download it from the European web site.

If ClamWin is scanning okay, it will detect any file for which there is a signature in the Clam AV virus signature database. If you have set up your own custom file extensions to scan, it will only scan files with those extensions.

Regards,
View user's profileSend private message
binkle


Joined: 11 Jul 2013
Posts: 7
Reply with quote
Hi,
thanks for your reply.
EICAR works fine and some "real" virus are detected.
But the option "OLE2BlockMacros" promisses to set any document containing a VBA macros as virus even if no signature applies:

Quote:
# With this option enabled OLE2 files with VBA macros, which were not
# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".


Best regards,

Harald Binkle
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4335
Location: USA
Reply with quote
I see. ClamWin uses the Clam AV scan engine and virus signatures, but, for some time now, not all of the Clam AV configuration options are available in ClamWin. This started with version .95, I believe.

Thanks for using ClamWin!

Regards,
View user's profileSend private message
binkle


Joined: 11 Jul 2013
Posts: 7
Reply with quote
Hi,
I assume the problem is no general windows issue or a missing option.
I can see "Heuristics.OLE2.ContainsMacros" matching on some mails, but it looks to me as if it only applies to the old office formats.
For office documents created by 2007 and newer the VBA detection seem to fail. (the zip format simply containing the vbaProject.bin file)

Regards,
Harald
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
Hello binkle.

Please file this over at ClamAV's Bugzilla here: https://bugzilla.clamav.net/.
View user's profileSend private message
OLE2BlockMacros does not work properly
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic