diff --git a/libclamav/dconf.c b/libclamav/dconf.c index 635c50dbf..0e01fe9c2 100644 --- a/libclamav/dconf.c +++ b/libclamav/dconf.c @@ -74,6 +74,7 @@ static struct dconf_module modules[] = { { "PE", "CATALOG", PE_CONF_CATALOG, 1 }, { "PE", "CERTS", PE_CONF_CERTS, 1 }, { "PE", "MATCHICON", PE_CONF_MATCHICON, 1 }, + { "PE", "IMPTBL", PE_CONF_IMPTBL, 1 }, { "ELF", NULL, 0x1, 1 }, diff --git a/libclamav/dconf.h b/libclamav/dconf.h index 506a51829..b07ec858c 100644 --- a/libclamav/dconf.h +++ b/libclamav/dconf.h @@ -65,6 +65,7 @@ struct cli_dconf { #define PE_CONF_CATALOG 0x10000 #define PE_CONF_CERTS 0x20000 #define PE_CONF_MATCHICON 0x40000 +#define PE_CONF_IMPTBL 0x80000 /* Archive flags */ #define ARCH_CONF_RAR 0x1 diff --git a/libclamav/pe.c b/libclamav/pe.c index c200946ba..3bb2f5f80 100644 --- a/libclamav/pe.c +++ b/libclamav/pe.c @@ -3360,19 +3360,21 @@ int cli_scanpe(cli_ctx *ctx) cli_bytecode_context_destroy(bc_ctx); /* Attempt to run scans on import table */ - /* TODO: should this be target-tree-only? */ - ret = scan_pe_imptbl(ctx, dirs, exe_sections, nsections, hdr_size, pe_plus); - switch (ret) { - case CL_ENULLARG: - cli_warnmsg("cli_scanpe: NULL argument supplied\n"); - break; - case CL_VIRUS: - if (SCAN_ALL) + /* Run if there are existing signatures and/or preclassing */ + if (ctx->dconf->pe & PE_CONF_IMPTBL) { + ret = scan_pe_imptbl(ctx, dirs, exe_sections, nsections, hdr_size, pe_plus); + switch (ret) { + case CL_ENULLARG: + cli_warnmsg("cli_scanpe: NULL argument supplied\n"); break; - /* intentional fall-through */ - case CL_BREAK: - free(exe_sections); - return ret == CL_VIRUS ? CL_VIRUS : CL_CLEAN; + case CL_VIRUS: + if (SCAN_ALL) + break; + /* intentional fall-through */ + case CL_BREAK: + free(exe_sections); + return ret == CL_VIRUS ? CL_VIRUS : CL_CLEAN; + } } /* Attempt to detect some popular polymorphic viruses */