Rulesets for documents with OLE2 macros
Steve Basford
steveb_clamav at sanesecurity.com
Fri Aug 14 07:05:14 UTC 2015
On Fri, August 14, 2015 4:02 am, Peter Lemieux wrote:
> MailScanner[4652]: Clamd::INFECTED:: Heuristics.OLE2.ContainsMacros ::
> ./t7DDKoxE006712/AccountDocuments.doc
>
>
Hi Peter,
Heuristics.OLE2.ContainsMacros will block *ALL* macros good/bad, so I guess
that's why you want to whitelist some "good" senders.
In case it helps, yesterday I added a new database to stop bad macros...
instead of using the Heuristics.OLE2.ContainsMacros:
badmacro.ndb
So, if you use this as well as phish.ndb it'll take care of the bad stuff.
New download scripts
http://sanesecurity.com/usage/linux-scripts/
Other signatures:
http://sanesecurity.com/usage/signatures/
Cheers,
Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com