Fix issue recording OOXML document metadata

The ZIP single record search feature is used to find specific files when parsing OOXML documents. I observed that the core properties for a PowerPoint file were missing in a test as compared with the previous release. The error handling check for the unzip search returns CL_VIRUS when there is a match, not CL_SUCCESS! CLAM-2886
Scan performance optimization for TNEF message scans
2025-10-19 02:13:16 +00:00 · 2025-10-09 21:27:18 -04:00 · 2025-10-09 20:51:43 -04:00
2 changed files with 4 additions and 2 deletions
--- a/libclamav/scanners.c
+++ b/libclamav/scanners.c
@ -3650,7 +3650,9 @@ static cl_error_t scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_fi
        // Omit OLD TAR files because it's a raw archive format that we can extract and scan manually.
        (type != CL_TYPE_OLD_TAR) &&
        // Omit POSIX TAR files because it's a raw archive format that we can extract and scan manually.
-        (type != CL_TYPE_POSIX_TAR)) {
+        (type != CL_TYPE_POSIX_TAR) &&
+        // Omit TNEF files because TNEF message attachments are raw / not compressed. Document and ZIP attachments would be likely to have double-extraction issues.
+        (type != CL_TYPE_TNEF)) {
        /*
         * Enable file type recognition scan mode if requested, except for some problematic types (above).
         */
--- a/libclamav/unzip.c
+++ b/libclamav/unzip.c
@ -2109,7 +2109,7 @@ cl_error_t unzip_search_single(cli_ctx *ctx, const char *name, size_t nlen, uint

    // Search for the zip file entry in the current layer.
    status = unzip_search(ctx, &requests);
-    if (CL_SUCCESS == status) {
+    if (CL_VIRUS == status) {
        *loff = requests.loff;
    }