Hi Paul,

Yes, that is correct. In the case of PDF processing, cli_scanpdf() has logic to extract additional content from PDF such as decompressing attached images, JavaScript, etc. It may also decrypt password-protected PDFs where the password is empty.

The scanraw() function primarily performs pattern matching on a given file for content-based malware detection signatures. The scanraw() function may also identify embedded content using embedded file type recognition signatures. This can pick up some things like archives embedded in executables for further extraction.

Regards,
Micah

Micah Snyder (they/them)
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Paul via clamav-users <clamav-users@lists.clamav.net>
Sent: Thursday, June 27, 2024 3:28 PM
To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net>
Cc: Paul <psilvest...@gmail.com>
Subject: [clamav-users] Question about additional processing on Documents in Clamd Configuration File

Hello everyone,

In the clamd.conf file there are several different document types (PDF, SWF, OLE2, etc.) that have an option for additional processing. For example:

# This option enables scanning within PDF files.
# If you turn off this option, the original files will still be scanned, but
# without decoding and additional processing.
# Default: yes
#ScanPDF no

After looking through the source code it looks like cli_magic_scan() will always call scanraw() whether or not the configuration is set to yes/no. This seems like the "original files will still be scanned" part. Then if the file type is PDF it will call cli_scanpdf only if the option is set to yes. This seems to be the additional processing.

I'm quite rusty with C, is that accurate? If so, can someone explain what the additional processing cli_scanpdf() does that scanraw() doesn't?

Thanks in advance for taking the time to help me with this.