From 3c27ee262acd40dbdaaa51d7311a69d4c42bb5ff Mon Sep 17 00:00:00 2001 From: "Val S." Date: Thu, 9 Oct 2025 20:51:43 -0400 Subject: [PATCH] Scan performance optimization for TNEF message scans Uncompressed ZIP-based TNEF message attachments, like OOXML office document attachments, get double-extracted because of embedded file type recognition. To prevent excessive scan times, disable embedded file type recognition for TNEF files and relay on TNEF parsing to extract attachments. CLAM-2885 --- libclamav/scanners.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libclamav/scanners.c b/libclamav/scanners.c index 2cb2cca49..f21494545 100644 --- a/libclamav/scanners.c +++ b/libclamav/scanners.c @@ -3650,7 +3650,9 @@ static cl_error_t scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_fi // Omit OLD TAR files because it's a raw archive format that we can extract and scan manually. (type != CL_TYPE_OLD_TAR) && // Omit POSIX TAR files because it's a raw archive format that we can extract and scan manually. - (type != CL_TYPE_POSIX_TAR)) { + (type != CL_TYPE_POSIX_TAR) && + // Omit TNEF files because TNEF message attachments are raw / not compressed. Document and ZIP attachments would be likely to have double-extraction issues. + (type != CL_TYPE_TNEF)) { /* * Enable file type recognition scan mode if requested, except for some problematic types (above). */