@@ -1,3 +1,10 @@

+Thu Feb 22 16:51:33 CET 2007 (tk)

+---------------------------------

+  * libclamav: new scan setting CL_SCAN_PDF

+  * clamd: new option ScanPDF (default: no)

+  * clamscan: new switch --no-pdf (PDF scanning enabled by default)

+  * docs: update

+

 Thu Feb 22 15:32:33 GMT 2007 (njh)

 ----------------------------------

   * libclamav:	s/sanitiseFilename/cli_sanitise_filename/, patch from trog

@@ -412,6 +412,13 @@ int acceptloop_th(int *socketds, int nsockets, struct cl_engine *engine, unsigne

 	logg("OLE2 support disabled.\n");

     }

+    if(cfgopt(copt, "ScanPDF")->enabled) {

+	logg("PDF support enabled.\n");

+	options |= CL_SCAN_PDF;

+    } else {

+	logg("PDF support disabled.\n");

+    }

+

     if(cfgopt(copt, "ScanHTML")->enabled) {

 	logg("HTML support enabled.\n");

 	options |= CL_SCAN_HTML;

@@ -269,6 +269,7 @@ void help(void)

     mprintf("    --no-pe                              Disable PE analysis\n");

     mprintf("    --no-elf                             Disable ELF support\n");

     mprintf("    --no-ole2                            Disable OLE2 support\n");

+    mprintf("    --no-pdf                             Disable PDF support\n");

     mprintf("    --no-html                            Disable HTML support\n");

     mprintf("    --no-archive                         Disable libclamav archive support\n");

     mprintf("    --detect-broken                      Try to detect broken executable files\n");

@@ -71,6 +71,7 @@ static struct option clamscan_longopt[] = {

     {"no-pe", 0, 0, 0},

     {"no-elf", 0, 0, 0},

     {"no-ole2", 0, 0, 0},

+    {"no-pdf", 0, 0, 0},

     {"no-html", 0, 0, 0},

     {"no-mail", 0, 0, 0},

     {"mail-follow-urls", 0, 0, 0},

@@ -269,6 +269,11 @@ int scanmanager(const struct optstruct *opt)

     else

 	options |= CL_SCAN_OLE2;

+    if(opt_check(opt, "no-pdf"))

+	options &= ~CL_SCAN_PDF;

+    else

+	options |= CL_SCAN_PDF;

+

     if(opt_check(opt, "no-html"))

 	options &= ~CL_SCAN_HTML;

     else

@@ -830,6 +830,8 @@ struct cl_limits {

 	\item \textbf{CL\_SCAN\_OLE2}\\

 	      Enables support for OLE2 containers (used by MS Office and .msi

 	      files).

+	\item \textbf{CL\_SCAN\_PDF}\\

+	      Enables scanning within PDF files.

 	\item \textbf{CL\_SCAN\_PE}\\

 	      This flag enables deep scanning of Portable Executable files and

 	      allows libclamav to unpack executables compressed with run-time

@@ -215,6 +215,11 @@ This option enables scanning of OLE2 files, such as Microsoft Office documents a

 .br 

 Default: yes

 .TP 

+\fBScanPDF BOOL\fR

+This option enables scanning within PDF files.

+.br 

+Default: no

+.TP 

 \fBScanHTML BOOL\fR

 Enables HTML detection and normalisation.

 .br 

@@ -99,6 +99,9 @@ Executable and Linking Format is a standard format for UN*X executables. This op

 \fB\-\-no\-ole2\fR

 Disable support for Microsoft Office documents and .msi files.

 .TP 

+\fB\-\-no\-pdf\fR

+Disable scanning within PDF files.

+.TP 

 \fB\-\-no\-html\fR

 Disable support for HTML detection and normalisation.

 .TP 

@@ -201,6 +201,10 @@ LocalSocket /tmp/clamd

 # Default: yes

 #ScanOLE2 yes

+# This option enables scanning within PDF files.

+# Default: no

+#ScanPDF yes

+

 ##

 ## Mail files

 ##

@@ -1,5 +1,5 @@

 /*

- *  Copyright (C) 2002 - 2006 Tomasz Kojm <tkojm@clamav.net>

+ *  Copyright (C) 2002 - 2007 Tomasz Kojm <tkojm@clamav.net>

  *

  *  This program is free software; you can redistribute it and/or modify

  *  it under the terms of the GNU General Public License as published by

@@ -94,6 +94,7 @@ extern "C"

 #define CL_SCAN_PHISHING_BLOCKSSL   0x800 /* ssl mismatches, not ssl by itself*/

 #define CL_SCAN_PHISHING_BLOCKCLOAK 0x1000

 #define CL_SCAN_ELF		    0x2000

+#define CL_SCAN_PDF		    0x4000

 /* recommended scan settings */

 #define CL_SCAN_STDOPT		(CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2 | CL_SCAN_HTML | CL_SCAN_PE | CL_SCAN_ALGORITHMIC | CL_SCAN_ELF) 

@@ -73,6 +73,7 @@ typedef struct {

 #define SCAN_ARCHIVE	    (ctx->options & CL_SCAN_ARCHIVE)

 #define SCAN_MAIL	    (ctx->options & CL_SCAN_MAIL)

 #define SCAN_OLE2	    (ctx->options & CL_SCAN_OLE2)

+#define SCAN_PDF	    (ctx->options & CL_SCAN_PDF)

 #define SCAN_HTML	    (ctx->options & CL_SCAN_HTML)

 #define SCAN_PE		    (ctx->options & CL_SCAN_PE)

 #define SCAN_ELF	    (ctx->options & CL_SCAN_ELF)

@@ -1958,7 +1958,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)

 	    break;

 	case CL_TYPE_PDF:

-	    if(SCAN_ARCHIVE && (DCONF_DOC & DOC_CONF_PDF))    /* you may wish to change this line */

+	    if(SCAN_PDF && (DCONF_DOC & DOC_CONF_PDF))

 		ret = cli_scanpdf(desc, ctx);

 	    break;

@@ -61,6 +61,7 @@ struct cfgoption cfg_options[] = {

     {"AlgorithmicDetection", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},

     {"ScanHTML", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},

     {"ScanOLE2", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},

+    {"ScanPDF", OPT_BOOL, 0, NULL, 0, OPT_CLAMD},

     {"ScanArchive", OPT_BOOL, 1, NULL, 0, OPT_CLAMD},

     {"ArchiveMaxFileSize", OPT_COMPSIZE, 10485760, NULL, 0, OPT_CLAMD},

     {"ArchiveMaxRecursion", OPT_NUM, 8, NULL, 0, OPT_CLAMD},