On Tue, 16 Aug 2016, Jack wrote: > Hello, > > I am attempting to dissect a document’s macros using sigtool, but am running > into a problem. Nothing is being returned when the following command is run: > > $ sigtool --vba > '237b81cda8251aac11eaa28387765e6dd165664aa87563a6bce5951dd5ca4de3.bin’
The document isn't a zip file is it ? (Or some other file containing the OLE2 file) The Microsoft Word 2007+ file I had the same error with was a zip archive so I had to do a zipinfo to find the vba file , which is the OLE2 file, then extract that with: unzip file.doc word/vbaProject.bin Then run sigtool --vba=word/vbaProject.bin > macros sigtool was just failing because the Microsoft Word 2007+ file was not an OLE2. clamav succeeds as it extracts the OLE2 file from the zip. oledump must be able to extract the OLE2 file from the zip as well. The same problem occurs with .docx which are zip but not with .doc which are 'CDF V2 Document' which are the OLE2 file itself. -- David Shrimpton _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
