Help with: Clamd: message was infected: Heuristics.OLE2.ContainsMacros
Posted: 02 Jun 2016 06:22
by ovizii
So I had a message blocked as a VIRUS, with the following reason:
Code:
Clamd: message was infected: Heuristics.OLE2.ContainsMacros ,Clamd: T160601A.doc was infected: Heuristics.OLE2.ContainsMacros
So I did some research and in my /etc/clamd.conf I see:
Code:
# With this option enabled OLE2 files with VBA macros, which were not
# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
# Default: no
#OLE2BlockMacros yes
So how come it got blocked? Any ideas please? I need to correct this :-/
Re: Help with: Clamd: message was infected: Heuristics.OLE2.ContainsMacros
Posted: 02 Jun 2016 06:33
by ovizii
To avoid problems, until I have sorted this out, I would like to quarantine viruses too.
I had previously tried achieving that with this:
but that didn't help. I have now added the following options in my /etc/MailScanner/MailScanner.conf
Code:
Keep Spam And MCP Archive Clean = no
# This can also be the filename of a ruleset.
Quarantine Silent Viruses = yes
These mods helped, I can now see quarantined viruses, all single parts of it, and choose which to release.
Still I'd like to know why the Macro was blocked as a virus in the first place, see my first post in this thread.
Re: Help with: Clamd: message was infected: Heuristics.OLE2.ContainsMacros
Posted: 02 Jun 2016 20:37
by ovizii
Still seeing docs containing macros blocked:
Code:
Clamd: message was infected: Heuristics.OLE2.ContainsMacros ,Clamd: T160601A.doc was infected: Heuristics.OLE2.ContainsMacros
and even though these mails now get quarantined I cannot release them. Well, I select release or release to alternate recipient and nothing happens:
Code:
Quarantine Command Results
Result Messages:
Error: N
as in no results at all :-/
I had to install alpine and then email the quarantined doc manually.
Re: Help with: Clamd: message was infected: Heuristics.OLE2.ContainsMacros
Posted: 03 Jun 2016 21:46
by shawniverson
Heuristic scanning is turned on in clam :/
That's probably the issue.
Re: Help with: Clamd: message was infected: Heuristics.OLE2.ContainsMacros
Posted: 04 Jun 2016 05:54
by ovizii
I think this text is wrong:
Code:
# With this option enabled OLE2 files with VBA macros, which were not
# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
# Default: no
#OLE2BlockMacros yes
It looks like specifically setting
works.
Can someone confirm?
Re: Help with: Clamd: message was infected: Heuristics.OLE2.ContainsMacros
Posted: 12 Jun 2016 00:26
by shawniverson
Yes, that is correct.
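
Added example, not part of any post in this thread: a small Python check that tells a commented-out `OLE2BlockMacros` line apart from one the file actually sets, and relates that to the heuristic names in a MailScanner report line. The sample inputs are constructed from the excerpts quoted above; the function names and the "Heuristics." prefix test are assumptions of this example.

```python
import re

# Constructed inputs, modelled on the config excerpt and report line quoted in the thread.
SAMPLE_CONF = '''\
# With this option enabled OLE2 files with VBA macros, which were not
# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
# Default: no
#OLE2BlockMacros yes
'''
SAMPLE_REPORT = ("Clamd: message was infected: Heuristics.OLE2.ContainsMacros ,"
                 "Clamd: T160601A.doc was infected: Heuristics.OLE2.ContainsMacros")


def option_state(conf_text, name):
    """Return ('explicit', v), ('commented', v) or ('absent', None) for one option."""
    pat = re.compile(r"\s*(#?)\s*" + re.escape(name) + r"\s+(\S+)")
    commented = None
    for line in conf_text.splitlines():
        m = pat.match(line)
        if not m:
            continue
        if not m.group(1):          # uncommented: a value this file really sets
            return ("explicit", m.group(2))
        commented = commented or m.group(2)   # only a documentation example
    return ("commented", commented) if commented else ("absent", None)


def parse_report(report):
    """Split a 'Clamd: X was infected: NAME' report into (item, name, heuristic)."""
    hits = []
    for m in re.finditer(r"Clamd:\s+(.+?) was infected:\s+([^\s,]+)", report):
        name = m.group(2)
        # Assumption: names starting with 'Heuristics.' come from heuristic
        # checks rather than database signatures, as the name in the thread suggests.
        hits.append((m.group(1), name, name.startswith("Heuristics.")))
    return hits


def diagnose(conf_text, report, option="OLE2BlockMacros"):
    """Relate heuristic hits in a report to how the option appears in the file."""
    state, value = option_state(conf_text, option)
    heur = [h for h in parse_report(report) if h[2]]
    if not heur:
        return "no heuristic detections in report"
    if state == "explicit":
        return f"{len(heur)} heuristic hit(s); {option} explicitly set to {value}"
    return (f"{len(heur)} heuristic hit(s); {option} is {state} in this file, "
            "so clamd is running on its built-in default")


if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF, SAMPLE_REPORT))
```

To check a live system, pass the contents of /etc/clamd.conf and a report line from the mail log instead of the samples.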