Browse code
Removing hard-coded heuristic signature that flags when a PDF has an abnormally high number of filters. Removing due to false positive and because in its current form it cannot be disabled or modified without recompiling ClamAV.
Micah Snyder authored on 2018/02/02 05:16:12Showing 1 changed files
| ... | ... |
@@ -1,5 +1,5 @@ |
| 1 | 1 |
/* |
| 2 |
- * Copyright (C) 2015, 2017 Cisco Systems, Inc. and/or its affiliates. All rights reserved. |
|
| 2 |
+ * Copyright (C) 2015, 2017-2018 Cisco Systems, Inc. and/or its affiliates. All rights reserved. |
|
| 3 | 3 |
* Copyright (C) 2007-2014 Sourcefire, Inc. |
| 4 | 4 |
* |
| 5 | 5 |
* Authors: Nigel Horne, Török Edvin |
| ... | ... |
@@ -2456,14 +2456,6 @@ int cli_pdf(const char *dir, cli_ctx *ctx, off_t offset) |
| 2456 | 2456 |
} |
| 2457 | 2457 |
|
| 2458 | 2458 |
pdf_parseobj(&pdf, obj); |
| 2459 |
- if (SCAN_ALGO && obj->numfilters > PDF_FILTER_DTRIGGER) {
|
|
| 2460 |
- rc = cli_append_virus(ctx, "Heuristic.PDF.TooManyFilters"); |
|
| 2461 |
- if (rc == CL_VIRUS) {
|
|
| 2462 |
- alerts++; |
|
| 2463 |
- if (SCAN_ALL) |
|
| 2464 |
- rc = CL_CLEAN; |
|
| 2465 |
- } |
|
| 2466 |
- } |
|
| 2467 | 2459 |
} |
| 2468 | 2460 |
|
| 2469 | 2461 |
pdf_handle_enc(&pdf); |