VIRUSNAME_PREFIX("SUBMIT.NotPDF")
 VIRUSNAMES("InActive", "Submit")
 

 /* Target type is 0, all relevant files */
 TARGET(0)
 
 /* Declares to run bytecode only for preclassification (affecting only preclass files) */
 PRECLASS_HOOK_DECLARE

 
 /* JSON API call will require FUNC_LEVEL_098_5 = 78 */

 /* PRECLASS_HOOK_DECLARE will require FUNC_LEVEL_098_7 = 80 */
 FUNCTIONALITY_LEVEL_MIN(FUNC_LEVEL_098_7)

 
 #define STR_MAXLEN 256
 
 int entrypoint ()
 {

     int32_t type, obj, strlen;
     char str[STR_MAXLEN];
 
     /* check is json is available, alerts on inactive (optional) */
     if (!json_is_active()) {
         return -1;
     }
 
     /* acquire array of internal contained objects */
     obj = json_get_object("FileType", 8, 0);
     if (obj <= 0) return -1;
 
     /* acquire and check type */
     type = json_get_type(obj);
     if (type == JSON_TYPE_STRING) {
         /* acquire string length, note +1 is for the NULL terminator */
         strlen = json_get_string_length(obj)+1;
         /* prevent buffer overflow */
         if (strlen > STR_MAXLEN)
             strlen = STR_MAXLEN;
         /* acquire string data, note strlen includes NULL terminator */
         if (json_get_string(str, strlen, obj)) {
             /* debug print str (with '\n' and prepended message */
             debug_print_str(str,strlen);
 
             /* check the contained object's type */
             if (!(strlen == 12) || !memcmp(str, "CL_TYPE_PDF", 12)) {
                 foundVirus("Submit");
             }
         }
     }
 

     return 0;
 }