Browse code
Scan performance optimization for TNEF message scans
Uncompressed ZIP-based TNEF message attachments, like OOXML office
document attachments, get double-extracted because of embedded file type
recognition.
To prevent excessive scan times, disable embedded file type recognition
for TNEF files and relay on TNEF parsing to extract attachments.
CLAM-2885
Val S. authored on 2025/10/10 09:51:43Showing 1 changed files
| ... | ... |
@@ -3650,7 +3650,9 @@ static cl_error_t scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_fi |
| 3650 | 3650 |
// Omit OLD TAR files because it's a raw archive format that we can extract and scan manually. |
| 3651 | 3651 |
(type != CL_TYPE_OLD_TAR) && |
| 3652 | 3652 |
// Omit POSIX TAR files because it's a raw archive format that we can extract and scan manually. |
| 3653 |
- (type != CL_TYPE_POSIX_TAR)) {
|
|
| 3653 |
+ (type != CL_TYPE_POSIX_TAR) && |
|
| 3654 |
+ // Omit TNEF files because TNEF message attachments are raw / not compressed. Document and ZIP attachments would be likely to have double-extraction issues. |
|
| 3655 |
+ (type != CL_TYPE_TNEF)) {
|
|
| 3654 | 3656 |
/* |
| 3655 | 3657 |
* Enable file type recognition scan mode if requested, except for some problematic types (above). |
| 3656 | 3658 |
*/ |