... | ... |
@@ -267,6 +267,7 @@ void help(void) |
267 | 267 |
mprintf(" --scan-archive[=yes(*)/no] Scan archive files (supported by libclamav)\n"); |
268 | 268 |
mprintf(" --detect-broken[=yes/no(*)] Try to detect broken executable files\n"); |
269 | 269 |
mprintf(" --block-encrypted[=yes/no(*)] Block encrypted archives\n"); |
270 |
+ mprintf(" --block-macros[=yes/no(*)] Block OLE2 files with VBA macros\n"); |
|
270 | 271 |
mprintf(" --nocerts Disable authenticode certificate chain verification in PE files\n"); |
271 | 272 |
mprintf(" --dumpcerts Dump authenticode certificate chain in PE files\n"); |
272 | 273 |
mprintf("\n"); |
... | ... |
@@ -1056,6 +1056,9 @@ int scanmanager(const struct optstruct *opts) |
1056 | 1056 |
if(optget(opts, "block-encrypted")->enabled) |
1057 | 1057 |
options |= CL_SCAN_BLOCKENCRYPTED; |
1058 | 1058 |
|
1059 |
+ if(optget(opts, "block-macros")->enabled) |
|
1060 |
+ options |= CL_SCAN_BLOCKMACROS; |
|
1061 |
+ |
|
1059 | 1062 |
if(optget(opts, "scan-pe")->enabled) |
1060 | 1063 |
options |= CL_SCAN_PE; |
1061 | 1064 |
|
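Review bot: In scanmanager(), `CL_SCAN_BLOCKMACROS` is set from `--block-macros` without regard to `--scan-ole2`, so a run with `--block-macros=yes --scan-ole2=no` would presumably accept the switch and never report Heuristics.OLE2.ContainsMacros. This is inferred from the option descriptions, because the scan-ole2 handling is not visible in this hunk. An operator relying on the switch as a macro policy gate would get no indication that it is inert in that configuration. I would either emit a warning when block-macros is enabled while scan-ole2 is disabled, or at least add a comment above the new `if` such as `/* only effective while OLE2 scanning (scan-ole2) is enabled */` and repeat that caveat in the help text. scanmanager's body starts and ends outside the hunk.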
... | ... |
@@ -183,6 +183,9 @@ Mark broken executables as viruses (Broken.Executable). |
183 | 183 |
\fB\-\-block\-encrypted[=yes/no(*)]\fR |
184 | 184 |
Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). |
185 | 185 |
.TP |
186 |
+\fB\-\-block\-macros[=yes/no(*)]\fR |
|
187 |
+Mark OLE2 files containing VBA macros as viruses (Heuristics.OLE2.ContainsMacros). |
|
188 |
+.TP |
|
186 | 189 |
\fB\-\-max\-filesize=#n\fR |
187 | 190 |
Extract and scan at most #n bytes from each archive. You may pass the value in kilobytes in format xK or xk, or megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 25 MB, max: <4 GB) |
188 | 191 |
.TP |
... | ... |
@@ -348,7 +348,7 @@ const struct clam_option __clam_options[] = { |
348 | 348 |
|
349 | 349 |
{ "ScanOLE2", "scan-ole2", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option enables scanning of OLE2 files, such as Microsoft Office\ndocuments and .msi files.\nIf you turn off this option, the original files will still be scanned, but\nwithout additional processing.", "yes" }, |
350 | 350 |
|
351 |
- { "OLE2BlockMacros", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "With this option enabled OLE2 files with VBA macros, which were not\ndetected by signatures will be marked as \"Heuristics.OLE2.ContainsMacros\".", "no" }, |
|
351 |
+ { "OLE2BlockMacros", "block-macros", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "With this option enabled OLE2 files with VBA macros, which were not\ndetected by signatures will be marked as \"Heuristics.OLE2.ContainsMacros\".", "no" }, |
|
352 | 352 |
|
353 | 353 |
{ "ScanPDF", "scan-pdf", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option enables scanning within PDF files.\nIf you turn off this option, the original files will still be scanned, but\nwithout decoding and additional processing.", "yes" }, |
354 | 354 |
|