Help with: Clamd: message was infected: Heuristics.OLE2.ContainsMacros

ovizii
Posts: 463
Joined: 11 May 2016 08:08

Help with: Clamd: message was infected: Heuristics.OLE2.ContainsMacros

Post by ovizii »

So I had a message blocked as a VIRUS, with the following reason:

Clamd: message was infected: Heuristics.OLE2.ContainsMacros ,Clamd: T160601A.doc was infected: Heuristics.OLE2.ContainsMacros

So I did some research and in my /etc/clamd.conf I see:

# With this option enabled OLE2 files with VBA macros, which were not
# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
# Default: no
#OLE2BlockMacros yes

So how come it got blocked? Any ideas please? I need to correct this :-/
ovizii

Re: Help with: Clamd: message was infected: Heuristics.OLE2.ContainsMacros

Post by ovizii »

To avoid problems, until I have sorted this out, I would like to quarantine viruses too.

I had previously tried achieving that with this:

Quarantine Infections = yes

but that didn't help. I have now added the following options in my /etc/MailScanner/MailScanner.conf

Keep Spam And MCP Archive Clean = no
# This can also be the filename of a ruleset.
Quarantine Silent Viruses = yes

These mods helped: I can now see quarantined viruses, all single parts of them, and choose which to release. Still, I'd like to know why the macro was blocked as a virus in the first place, see my first post in this thread.
ovizii

Re: Help with: Clamd: message was infected: Heuristics.OLE2.ContainsMacros

Post by ovizii »

Still seeing docs containing macros blocked:

Clamd: message was infected: Heuristics.OLE2.ContainsMacros ,Clamd: T160601A.doc was infected: Heuristics.OLE2.ContainsMacros

And even though these mails now get quarantined, I cannot release them. Well, I select release or release to alternate recipient and nothing happens:

Quarantine Command Results
Result Messages:
Error: N

as in no results at all :-/
I had to install alpine and then email the quarantined doc manually.
shawniverson
Posts: 3783
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Help with: Clamd: message was infected: Heuristics.OLE2.ContainsMacros

Post by shawniverson »

Heuristic scanning is turned on in clam :/

That's probably the issue.
ovizii

Re: Help with: Clamd: message was infected: Heuristics.OLE2.ContainsMacros

Post by ovizii »

I think this text is wrong:

# With this option enabled OLE2 files with VBA macros, which were not
# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
# Default: no
#OLE2BlockMacros yes

It looks like specifically setting

OLE2BlockMacros no

works.

Can someone confirm?
shawniverson

Re: Help with: Clamd: message was infected: Heuristics.OLE2.ContainsMacros

Post by shawniverson »

Yes, that is correct.
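A check for the point settled above, added here as an example and not code from the thread or from ClamAV: it parses a clamd.conf and reports whether OLE2BlockMacros is set explicitly or only assumed from the documented default, so an admin can see at a glance that a commented-out line sets nothing. The sample config is constructed from the block quoted in the thread.

```python
import re

# Constructed sample clamd.conf: the commented-out block quoted in the
# thread, followed by the explicit directive the thread settled on.
SAMPLE_CLAMD_CONF = """\
LogFile /var/log/clamav/clamd.log

# With this option enabled OLE2 files with VBA macros, which were not
# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
# Default: no
#OLE2BlockMacros yes

OLE2BlockMacros no
"""

# clamd.conf lines are "Directive value"; the value may be absent.
DIRECTIVE_RE = re.compile(r"^([A-Za-z0-9]+)(?:\s+(.*?))?$")


def parse_clamd_conf(text):
    """Return {directive: value} for active (uncommented) lines only.

    A line starting with '#' is a comment, so '#OLE2BlockMacros yes'
    from the quoted config is NOT a setting. If a directive appears
    more than once, the last occurrence wins.
    """
    settings = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = DIRECTIVE_RE.match(stripped)
        if m:
            settings[m.group(1)] = (m.group(2) or "").strip()
    return settings


def effective_setting(text, directive, documented_default):
    """Return (value, source): 'explicit' if the config sets the
    directive, 'default' if only the documented default applies."""
    settings = parse_clamd_conf(text)
    if directive in settings:
        return settings[directive], "explicit"
    return documented_default, "default"


def audit_ole2_block_macros(text):
    """Flag configs that rely on the documented 'no' default for
    OLE2BlockMacros instead of setting it, as the thread found needed."""
    value, source = effective_setting(text, "OLE2BlockMacros", "no")
    return {"value": value, "source": source, "explicit": source == "explicit"}
```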