Hi,

I wrote a signature against one of the temporary files clamav
pulled out of a pdf when --scan-pdf=yes.

(The signature does not hit when --scan-pdf=no.)

If the signature is TargetType 10 = PDF it was not hit.

If it was type 0 = any file, it was hit. But it would also be hit
by other files not related to the pdf, e.g. text or html,
which I don't want. I only want to match
files pulled out of a pdf by --scan-pdf.

(clamav --debug reports the file from the pdf as ascii, but Target Type 7
for normalized ascii file does not work.)

This is similar confusion to what type 2 means.

signatures.pdf says type 2 is file inside an OLE2 container but it actually
appears to denote an OLE2 container itself and not a file inside one
unless that file is itself an OLE2 container.

It seems to me that having additional types may be helpful: e.g. any file inside
an OLE2 or any 'file' inside a pdf, in addition to type 2 and 10.


PS it appears -z does not work when there is a hit on a 'file' inside a
PDF.  Other signatures that match the pdf itself are not reported as being
hit.  This is a similar problem to -z not working when there are hits on macros
inside OLE2 or a hit on Heuristics.OLE2.ContainsMacros.

-- 
David Shrimpton