
pdf: Add dconf for ObfuscatedNameObject Heuristic

David Raynor authored on 2013/11/20 07:27:17
@@ -120,6 +120,7 @@ static struct dconf_module modules[] = {
120 120
     { "OTHER",	    "DLP",	    OTHER_CONF_DLP,	    1 },
121 121
     { "OTHER",	    "MYDOOMLOG",    OTHER_CONF_MYDOOMLOG,   1 },
122 122
     { "OTHER",      "PREFILTERING", OTHER_CONF_PREFILTERING,1 },
123
+    { "OTHER",      "PDFNAMEOBJ",   OTHER_CONF_PDFNAMEOBJ,  1 },
123 124
 
124 125
     { "PHISHING",   "ENGINE",       PHISHING_CONF_ENGINE,   1 },
125 126
     { "PHISHING",   "ENTCONV",      PHISHING_CONF_ENTCONV,  1 },
@@ -109,6 +109,7 @@ struct cli_dconf {
109 109
 #define OTHER_CONF_DLP	    0x20
110 110
 #define OTHER_CONF_MYDOOMLOG	0x40
111 111
 #define OTHER_CONF_PREFILTERING 0x80
112
+#define OTHER_CONF_PDFNAMEOBJ	0x100
112 113
 
113 114
 /* Phishing flags */
114 115
 #define PHISHING_CONF_ENGINE   0x1
@@ -2232,7 +2232,7 @@ int cli_pdf(const char *dir, cli_ctx *ctx, off_t offset)
2232 2232
                 rc = CL_CLEAN;
2233 2233
             }
2234 2234
         }
2235
-        if (!rc && (ctx->options & CL_SCAN_ALGORITHMIC)) {
2235
+        if (!rc && SCAN_ALGO && (ctx->dconf->other & OTHER_CONF_PDFNAMEOBJ)) {
2236 2236
             if (pdf.flags & (1 << ESCAPED_COMMON_PDFNAME)) {
2237 2237
                 /* for example /Fl#61te#44#65#63#6f#64#65 instead of /FlateDecode */
2238 2238
                 cli_append_virus(ctx, "Heuristics.PDF.ObfuscatedNameObject");
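Review bot: The rewritten gate on line 2235 now dereferences `ctx->dconf` where the old condition only read `ctx->options`; if any caller can reach this point in cli_pdf with a NULL dconf (the rest of cli_pdf lies outside this hunk, so I cannot confirm that other checks in the function already dereference it), this turns into a NULL dereference on a hostile PDF rather than a skipped heuristic. If dconf is guaranteed non-NULL for every scan context, a one-line comment above the check saying so would settle it; otherwise guard it as `if (!rc && SCAN_ALGO && ctx->dconf && (ctx->dconf->other & OTHER_CONF_PDFNAMEOBJ)) {`. The swap from the explicit `ctx->options & CL_SCAN_ALGORITHMIC` to the `SCAN_ALGO` macro is only equivalent if that macro expands to the same options test, which is not visible in this diff. It would also help to extend the comment on line 2237 to note that `Heuristics.PDF.ObfuscatedNameObject` can now be switched off through the OTHER/PDFNAMEOBJ dconf entry, so operators hitting false positives know where the knob is and why detection of `#xx`-escaped names would stop.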