Re: [clamav-users] ScanOLE2 yes disables macro virus detection

2016-02-07 Thread David Shrimpton
Hi Steve, When I scan the file with any of:
  clamscan -z --scan-ole2=no --database=badmacro.ndb
  clamscan -z --scan-ole2=yes --database=badmacro.ndb
  clamscan -z --scan-ole2=no
13 signatures from badmacro.ndb are detected. But when I scan the file with
  clamscan -z --scan-ole2=yes
no signatures f

Re: [clamav-users] New request created with ID: ##136## from Steve basford

2016-02-07 Thread Walter H.
On 07.02.2016 14:03, Steve Basford wrote: On Sun, February 7, 2016 9:08 am, Walter H. wrote: On 04.02.2016 00:55, G wrote: /\ invalid e-mail address No idea where the above header comes from, other than a "person" called "G" A new request with request id 136 has been created by Steve basford

Re: [clamav-users] New request created with ID: ##136## from Steve basford

2016-02-07 Thread Steve Basford
On Sun, February 7, 2016 9:08 am, Walter H. wrote: > On 04.02.2016 00:55, G wrote: > /\ > invalid e-mail address No idea where the above header comes from, other than a "person" called "G" >> A new request with request id 136 has been created by Steve basford. >> Short info on the request is :

Re: [clamav-users] New request created with ID: ##136## from Steve basford

2016-02-07 Thread Walter H.
On 07.02.2016 11:44, Al Varnell wrote: And it’s not my system, I meant the ClamAV system itself or any other system involved in generating any kind of signatures usable by ClamAV...

Re: [clamav-users] ScanOLE2 yes disables macro virus detection

2016-02-07 Thread Steve Basford
On Sun, February 7, 2016 8:30 am, David Shrimpton wrote: > Hi, > > > But most of the badmacro or other unofficial virus signatures written to > detect macro virus are written against the container itself which has the > compressed macro code in it. They are not written against the > uncompressed

Re: [clamav-users] New request created with ID: ##136## from Steve basford

2016-02-07 Thread Al Varnell
Walter, I understood that you were talking about a Feb 4 message, and I told you that I have no idea where it came from or who vuln-watch might be. I’ve never seen a message like that before, so I can’t tell you anything about how it might have been generated or how you ended up with it. All

Re: [clamav-users] New request created with ID: ##136## from Steve basford

2016-02-07 Thread Walter H.
On 07.02.2016 11:20, Al Varnell wrote: I have no idea where that message from vuln-watch could have come from, but the original that Steve sent to the list and directly to you on Jan 18 can be seen at: no this is another

Re: [clamav-users] New request created with ID: ##136## from Steve basford

2016-02-07 Thread Al Varnell
I have no idea where that message from vuln-watch could have come from, but the original that Steve sent to the list and directly to you on Jan 18 can be seen at: -Al- On Sun, Feb 07, 2016 at 01:08 AM, Walter H. wrote: >

Re: [clamav-users] New request created with ID: ##136## from Steve basford

2016-02-07 Thread Walter H.
On 04.02.2016 00:55, G wrote: /\ invalid e-mail address A new request with request id 136 has been created by Steve basford. Short info on the request is : Title : Re: [clama

[clamav-users] ScanOLE2 yes disables macro virus detection

2016-02-07 Thread David Shrimpton
Hi, I found some problems with the way clamav handles OLE2 containers. This is causing many macro virus signatures to not work and many viruses to be missed: If ScanOLE2 is set to yes, clamav only appears to scan the decompressed macro files in OLE2 containers. It does not scan any of the other f