Browse code
bb1436 - clamscan 'block-macros' option. Patch by Kai Risku.
Steven Morgan authored on 2016/03/11 08:26:33Showing 4 changed files
| ... | ... |
@@ -267,6 +267,7 @@ void help(void) |
| 267 | 267 |
mprintf(" --scan-archive[=yes(*)/no] Scan archive files (supported by libclamav)\n");
|
| 268 | 268 |
mprintf(" --detect-broken[=yes/no(*)] Try to detect broken executable files\n");
|
| 269 | 269 |
mprintf(" --block-encrypted[=yes/no(*)] Block encrypted archives\n");
|
| 270 |
+ mprintf(" --block-macros[=yes/no(*)] Block OLE2 files with VBA macros\n");
|
|
| 270 | 271 |
mprintf(" --nocerts Disable authenticode certificate chain verification in PE files\n");
|
| 271 | 272 |
mprintf(" --dumpcerts Dump authenticode certificate chain in PE files\n");
|
| 272 | 273 |
mprintf("\n");
|
| ... | ... |
@@ -1056,6 +1056,9 @@ int scanmanager(const struct optstruct *opts) |
| 1056 | 1056 |
if(optget(opts, "block-encrypted")->enabled) |
| 1057 | 1057 |
options |= CL_SCAN_BLOCKENCRYPTED; |
| 1058 | 1058 |
|
| 1059 |
+ if(optget(opts, "block-macros")->enabled) |
|
| 1060 |
+ options |= CL_SCAN_BLOCKMACROS; |
|
| 1061 |
+ |
|
| 1059 | 1062 |
if(optget(opts, "scan-pe")->enabled) |
| 1060 | 1063 |
options |= CL_SCAN_PE; |
| 1061 | 1064 |
|
| ... | ... |
@@ -183,6 +183,9 @@ Mark broken executables as viruses (Broken.Executable). |
| 183 | 183 |
\fB\-\-block\-encrypted[=yes/no(*)]\fR |
| 184 | 184 |
Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). |
| 185 | 185 |
.TP |
| 186 |
+\fB\-\-block\-macros[=yes/no(*)]\fR |
|
| 187 |
+Mark OLE2 files containing VBA macros as viruses (Heuristics.OLE2.ContainsMacros). |
|
| 188 |
+.TP |
|
| 186 | 189 |
\fB\-\-max\-filesize=#n\fR |
| 187 | 190 |
Extract and scan at most #n bytes from each archive. You may pass the value in kilobytes in format xK or xk, or megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 25 MB, max: <4 GB) |
| 188 | 191 |
.TP |
| ... | ... |
@@ -348,7 +348,7 @@ const struct clam_option __clam_options[] = {
|
| 348 | 348 |
|
| 349 | 349 |
{ "ScanOLE2", "scan-ole2", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option enables scanning of OLE2 files, such as Microsoft Office\ndocuments and .msi files.\nIf you turn off this option, the original files will still be scanned, but\nwithout additional processing.", "yes" },
|
| 350 | 350 |
|
| 351 |
- { "OLE2BlockMacros", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "With this option enabled OLE2 files with VBA macros, which were not\ndetected by signatures will be marked as \"Heuristics.OLE2.ContainsMacros\".", "no" },
|
|
| 351 |
+ { "OLE2BlockMacros", "block-macros", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "With this option enabled OLE2 files with VBA macros, which were not\ndetected by signatures will be marked as \"Heuristics.OLE2.ContainsMacros\".", "no" },
|
|
| 352 | 352 |
|
| 353 | 353 |
{ "ScanPDF", "scan-pdf", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option enables scanning within PDF files.\nIf you turn off this option, the original files will still be scanned, but\nwithout decoding and additional processing.", "yes" },
|
| 354 | 354 |
|