Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trouble removing Word macros #2

Open
ashlineldridge opened this issue May 30, 2017 · 1 comment
Open

Trouble removing Word macros #2

ashlineldridge opened this issue May 30, 2017 · 1 comment
Assignees
@decalage2
Labels
enhancement

Comments

@ashlineldridge
Copy link

Hi,

I'm attempting to use ExeFilter.py to remove Word macros on Mac and Linux. When I run ExeFilter.py against a .doc file with macros it reports that it cleaned the file but scanning the file with Clamav still reports Heuristics.OLE2.ContainsMacros FOUND.

I've tested this with both version 1.1.3 and version 1.1.4-alpha6 and get the same results. Could you advise as to whether complete macro removal is possible with ExeFilter such that Clamav would not report an error?

Thanks,

Ashlin.
@decalage2 decalage2 self-assigned this May 30, 2017
@decalage2
Copy link
Owner

Hi Ashlin, I would say it is normal, because on Mac and Linux, ExeFilter only renames one of the VBA streams so that Word and Excel do not find it. In practice this is enough to disable macros, but some scanners such as ClamAV can still see the VBA data.

That issue does not happen on Windows, because ExeFilter uses the system DLLs to actually remove the VBA stream from the file.

A solution would be to use the recent write features of olefile, to wipe out the VBA streams data completely. Not sure when I can do it, though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@decalage2 decalage2

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ashlineldridge @decalage2