Rulesets for documents with OLE2 macros

Steve Basford steveb_clamav at
Fri Aug 14 07:05:14 UTC 2015

On Fri, August 14, 2015 4:02 am, Peter Lemieux wrote:

> MailScanner[4652]: Clamd::INFECTED:: Heuristics.OLE2.ContainsMacros ::
> ./t7DDKoxE006712/AccountDocuments.doc
Hi Peter,

Heuristics.OLE2.ContainsMacros will block *ALL* macros good/bad, so I guess
that's why you want to whitelist some "good" senders.

In case it helps, yesterday I added a new database to stop bad macros...
instead of using the Heuristics.OLE2.ContainsMacros:


So, if you use this as well as phish.ndb it's take care of the bad stuff.

New download scipts

Other signatures:


Web :

More information about the MailScanner mailing list