@@ -74,6 +74,7 @@ static struct dconf_module modules[] = {

     { "PE",     "CATALOG",      PE_CONF_CATALOG,        1 },

     { "PE",     "CERTS",        PE_CONF_CERTS,      1 },

     { "PE",     "MATCHICON",    PE_CONF_MATCHICON,       1 },

+    { "PE",     "IMPTBL",       PE_CONF_IMPTBL,          1 },

     { "ELF",        NULL,       0x1,            1 },

@@ -65,6 +65,7 @@ struct cli_dconf {

 #define PE_CONF_CATALOG	    0x10000

 #define PE_CONF_CERTS       0x20000

 #define PE_CONF_MATCHICON   0x40000

+#define PE_CONF_IMPTBL      0x80000

 /* Archive flags */

 #define ARCH_CONF_RAR	    0x1

@@ -3360,19 +3360,21 @@ int cli_scanpe(cli_ctx *ctx)

     cli_bytecode_context_destroy(bc_ctx);

     /* Attempt to run scans on import table */

-    /* TODO: should this be target-tree-only? */

-    ret = scan_pe_imptbl(ctx, dirs, exe_sections, nsections, hdr_size, pe_plus);

-    switch (ret) {

-        case CL_ENULLARG:

-            cli_warnmsg("cli_scanpe: NULL argument supplied\n");

-            break;

-        case CL_VIRUS:

-            if (SCAN_ALL)

+    /* Run if there are existing signatures and/or preclassing */

+    if (ctx->dconf->pe & PE_CONF_IMPTBL) {

+        ret = scan_pe_imptbl(ctx, dirs, exe_sections, nsections, hdr_size, pe_plus);

+        switch (ret) {

+            case CL_ENULLARG:

+                cli_warnmsg("cli_scanpe: NULL argument supplied\n");

                 break;

-            /* intentional fall-through */

-        case CL_BREAK:

-            free(exe_sections);

-            return ret == CL_VIRUS ? CL_VIRUS : CL_CLEAN;

+            case CL_VIRUS:

+                if (SCAN_ALL)

+                    break;

+                /* intentional fall-through */

+            case CL_BREAK:

+                free(exe_sections);

+                return ret == CL_VIRUS ? CL_VIRUS : CL_CLEAN;

+        }

     }

     /* Attempt to detect some popular polymorphic viruses */