Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 18:33:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

Scan performance optimization for TNEF message scans

Browse source 
Uncompressed ZIP-based TNEF message attachments, like OOXML office
document attachments, get double-extracted because of embedded file type
recognition.

To prevent excessive scan times, disable embedded file type recognition
for TNEF files and relay on TNEF parsing to extract attachments.

CLAM-2885
This commit is contained in:
Val S. 2025-10-09 20:51:43 -04:00
parent 389ccf2e1d
commit b720cfaaca
No known key found for this signature in database
GPG key ID: 3A7D293D8274CA1B
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
libclamav/scanners.c
View file

@ -3650,7 +3650,9 @@ static cl_error_t scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_fi
// Omit OLD TAR files because it's a raw archive format that we can extract and scan manually. // Omit OLD TAR files because it's a raw archive format that we can extract and scan manually.
(type != CL_TYPE_OLD_TAR) && (type != CL_TYPE_OLD_TAR) &&
// Omit POSIX TAR files because it's a raw archive format that we can extract and scan manually. // Omit POSIX TAR files because it's a raw archive format that we can extract and scan manually.
(type != CL_TYPE_POSIX_TAR)) { (type != CL_TYPE_POSIX_TAR) &&
// Omit TNEF files because TNEF message attachments are raw / not compressed. Document and ZIP attachments would be likely to have double-extraction issues.
(type != CL_TYPE_TNEF)) {
/* /*
* Enable file type recognition scan mode if requested, except for some problematic types (above). * Enable file type recognition scan mode if requested, except for some problematic types (above).
*/ */