Rulesets for documents with OLE2 macros
steveb_clamav at sanesecurity.com
Fri Aug 14 07:05:14 UTC 2015
On Fri, August 14, 2015 4:02 am, Peter Lemieux wrote:
> MailScanner: Clamd::INFECTED:: Heuristics.OLE2.ContainsMacros ::
Heuristics.OLE2.ContainsMacros will block *ALL* macros good/bad, so I guess
that's why you want to whitelist some "good" senders.
In case it helps, yesterday I added a new database to stop bad macros...
instead of using the Heuristics.OLE2.ContainsMacros:
So, if you use this as well as phish.ndb it's take care of the bad stuff.
New download scipts
Web : sanesecurity.com
More information about the MailScanner