unsubscribe -----Original Message----- From: "Mark Foley" <mfo...@novatec-inc.com> Sent: Monday, December 19, 2016 8:36am To: clamav-users@lists.clamav.net Subject: [clamav-users] No notice of OLE2.ContainsMacros
Before I submit a bug report on this, I thought I'd see if any list members have ideas. I'm running clamav 0.99.2 on Linux Slackware64 14.1. I'm running clamav-milter for sendmail. I have "OLE2BlockMacros yes" set in /usr/local/etc/clamd.conf. This is working fine, I get: fd[10]: Heuristics.OLE2.ContainsMacros(fa7491778b806ca1fdc4a809ea3213d5:47944) FOUND in /var/log/clamd.log when it finds such macros, and the email is put in the quarantine mail queue. My problem is that when I run clamscan manually I can never see these files as having blocked macros. I've tried all the switch settings I can thing of, especially --block-macros=yes, but I get nothing, e.g.: $ clamscan -a -v -z --block-macros=yes /var/spool/mqueue/dfuBJBh64e020058 Scanning /var/spool/mqueue/dfuBJBh64e020058 /var/spool/mqueue/dfuBJBh64e020058: OK ----------- SCAN SUMMARY ----------- Known viruses: 5304016 Engine version: 0.99.2 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.09 MB Data read: 0.04 MB (ratio 2.00:1) Time: 5.775 sec (0 m 5 s) This message is in the quarantine mail queue and got there because clamav-milter/clamd found a macro -- which it logged in /var/log/clamd.log, but I cannot get clamscan to output any indiciation of this condition. I always get "Infected files: 0" -- nothing about macros. Is there something I can do, or is this just a bug? THX - Mark _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
