Open ashlineldridge opened 7 years ago
Hi Ashlin, I would say it is normal, because on Mac and Linux, ExeFilter only renames one of the VBA streams so that Word and Excel do not find it. In practice this is enough to disable macros, but some scanners such as ClamAV can still see the VBA data.
That issue does not happen on Windows, because ExeFilter uses the system DLLs to actually remove the VBA stream from the file.
A solution would be to use the recent write features of olefile, to wipe out the VBA streams data completely. Not sure when I can do it, though.
Hi,
I'm attempting to use ExeFilter.py to remove Word macros on Mac and Linux. When I run ExeFilter.py against a .doc file with macros it reports that it cleaned the file but scanning the file with Clamav still reports Heuristics.OLE2.ContainsMacros FOUND.
I've tested this with both version 1.1.3 and version 1.1.4-alpha6 and get the same results. Could you advise as to whether complete macro removal is possible with ExeFilter such that Clamav would not report an error?
Thanks,
Ashlin.
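The reply above distinguishes renaming a VBA stream (Mac and Linux) from actually removing it (Windows). The following post-clean check is an added example, not code from ExeFilter or olefile: it reads the OLE2 directory with the standard library only and lists every stream that is still allocated. The sample images, the stream sizes and the renamed stream name `_xBA_PROJECT` are constructed for illustration and are not ExeFilter's actual output.

```python
import struct

MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
FREE, ENDOFCHAIN, FATSECT = 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFD

def stream_sizes(data):
    """List (name, declared size) for every allocated stream entry."""
    if data[:8] != MAGIC:
        raise ValueError("not an OLE2 compound file")
    sec = 1 << struct.unpack_from("<H", data, 30)[0]       # sector size
    n_fat, dir_start = struct.unpack_from("<II", data, 44)
    read = lambda n: data[(n + 1) * sec:(n + 2) * sec]
    # FAT sector numbers come from the header DIFAT (first 109 slots only).
    difat = struct.unpack_from("<%dI" % min(n_fat, 109), data, 76)
    fat = [v for s in difat for v in struct.unpack("<%dI" % (sec // 4), read(s))]
    out, s, seen = [], dir_start, set()
    while s < len(fat) and s not in seen:                  # follow directory chain
        seen.add(s)
        blob = read(s)
        for off in range(0, len(blob) - 127, 128):         # 128-byte entries
            nlen, kind = struct.unpack_from("<HB", blob, off + 64)
            if kind == 2:                                  # 2 = stream object
                name = blob[off:off + max(nlen - 2, 0)].decode("utf-16-le", "replace")
                out.append((name, struct.unpack_from("<I", blob, off + 120)[0]))
        s = fat[s]
    return out

def build_sample(entries):
    """Constructed directory-only OLE2 image (stream bodies are not modelled)."""
    d = b""
    for name, kind, size in entries:
        raw = name.encode("utf-16-le")
        d += struct.pack("<64sHBB3I16sIQQIQ", raw, len(raw) + 2, kind, 1,
                         FREE, FREE, FREE, b"", 0, 0, 0, ENDOFCHAIN, size)
    d += b"\0" * (-len(d) % 512)
    n = len(d) // 512                                      # directory sectors 1..n
    fat = [FATSECT] + list(range(2, n + 1)) + [ENDOFCHAIN]
    hdr = struct.pack("<8s16s5H6s9I", MAGIC, b"", 0x3E, 3, 0xFFFE, 9, 6, b"",
                      0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    hdr += struct.pack("<109I", 0, *[FREE] * 108)
    return hdr + struct.pack("<128I", *(fat + [FREE] * (128 - len(fat)))) + d

# Constructed samples: 1 = storage, 2 = stream, 5 = root; sizes are made up.
BASE = [("Root Entry", 5, 0), ("WordDocument", 2, 4096), ("Macros", 1, 0), ("VBA", 1, 0)]
VBA = [("dir", 2, 514), ("_VBA_PROJECT", 2, 2698), ("ThisDocument", 2, 1203)]
ORIGINAL = build_sample(BASE + VBA)
RENAMED = build_sample(BASE + [(n.replace("_VBA", "_xBA"), k, s) for n, k, s in VBA])
REMOVED = build_sample(BASE[:2])
```

On a real file, call `stream_sizes(open(path, "rb").read())` before and after cleaning: a rename changes one name but leaves the same number of stream bytes allocated, which is what a content-based scanner can still see.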