Block macro word documents

Peter H. Lemieux mailscanner at
Mon Dec 14 18:08:55 UTC 2015

After one of my clients had a problem with embedded Office macros, they blocked their users from opening macros altogether.  I believe you can use an MS group policy for this, though as a Linux person, I can't say for sure.

If I were managing a network, I'd certainly implement that policy.  I was a bit surprised it wasn't the default at my client's site.  I can see reasons to allow some selected people to run macros, but they'd be the exception not the rule.

As Jerry says, you can block macros entirely with ClamAV.  In clamd.conf, set

ScanOLE2 yes
OLE2BlockMacros yes


On 12/14/2015 11:22 AM, tmeireles at wrote:
> Two malicious emails with macro word documents with the extension .doc got through today.
> Was wondering what you guys do to block malicious macro word documents?

More information about the MailScanner mailing list