Skip to content

Clam 2588 Record PDF URIs if generating scan metadata #1482

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 31, 2025
Merged

Clam 2588 Record PDF URIs if generating scan metadata #1482

merged 2 commits into from
May 31, 2025

Conversation

jhumlick
Copy link
Contributor

@jhumlick jhumlick commented Apr 8, 2025
edited by val-ms
Loading

Add the ability to record URL's found in PDF files if the the generate JSON metadata option is enabled. This includes support for finding URIs found in object references.

Adds an option disable this in case you want the json metadata feature but don't want to record PDF URI's:

  • clamscan command-line option: --json-store-pdf-uris=no
  • clamd.conf config option: JsonStorePDFURIs no
  • libclamav general scan option: CL_SCAN_GENERAL_STORE_PDF_URIS

Also renames the options for the equivalent feature for HTML files from "URI" instead of "URL"

  • clamscan command-line option: --json-store-html-uris=no
  • clamd.conf config option: JsonStoreHTMLURIs no
  • libclamav general scan option: CL_SCAN_GENERAL_STORE_HTML_URIS

Jira: CLAM-2588

@jhumlick jhumlick force-pushed the CLAM-2588-PDF-Urls branch 5 times, most recently from 344710a to 934eb00 Compare April 11, 2025 17:10
val-ms
val-ms requested changes Apr 13, 2025
View reviewed changes
@jhumlick jhumlick force-pushed the CLAM-2588-PDF-Urls branch from b4d3ca0 to 01a0c01 Compare May 6, 2025 23:30
val-ms
val-ms requested changes May 19, 2025
View reviewed changes
Copy link
Contributor

@val-ms val-ms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great! I just have one concern

@jhumlick jhumlick force-pushed the CLAM-2588-PDF-Urls branch 7 times, most recently from 33a8e0e to 46c3aed Compare May 29, 2025 16:32
@val-ms val-ms changed the title libclamav: Add URI scanning support to PDF parser Clam 2588 Record PDF URIs if generating scan metadata May 29, 2025
jhumlick added 2 commits May 30, 2025 12:41
@jhumlick
libclamav: Add URI scanning support to PDF parser
e1e3d4c 
Threat Research requests scanning URIs in PDF files and adding them to
the json report file.

This change adds URI scanning support to the PDF parser, including
support for object references to URIs in PDF files.

Jira: CLAM-2588

Fix out-of-order references and other minor improvements.

CLAM-2588, CLAM-2757
@jhumlick
libclamav: Fix compiler error on some Apple systems.
f0289f0 
clamav_dbload_fuzzer.cpp and clamav_scanfile_fuzzer.cpp use __pid_t, which some
Apple systems do not define, and this causes a compilation error. This change
defines __pid_t as pid_t, which does exist on those systems and allows clamav
to build.
@jhumlick jhumlick force-pushed the CLAM-2588-PDF-Urls branch from 46c3aed to f0289f0 Compare May 30, 2025 19:43
@val-ms val-ms merged commit e869197 into Cisco-Talos:main May 31, 2025
22 of 24 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@val-ms val-ms val-ms approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jhumlick @val-ms