From: Carsten Rosenberg <c.rosenberg@heinlein-support.de>
Date: Sat, 26 Jan 2019 09:28:51 +0000 (+0100)
Subject: [Minor] lua_scanners - oletools - complete threats in extended mode
X-Git-Tag: 1.9.0~244^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=532901848a31e533b4e8e14b34254dd43f005497;p=thirdparty%2Frspamd.git

[Minor] lua_scanners - oletools - complete threats in extended mode
---

diff --git a/lualib/lua_scanners/oletools.lua b/lualib/lua_scanners/oletools.lua
index f0fdd82b45..577b79863a 100644
--- a/lualib/lua_scanners/oletools.lua
+++ b/lualib/lua_scanners/oletools.lua
@@ -167,8 +167,8 @@ local function oletools_check(task, content, digest, rule)
               m_autoexec = 'A'
               table.insert(analysis_keyword_table, a.keyword)
             elseif a.type == 'Suspicious' then
-              if rule.extended == true then m_suspicious = 'S' end
-              if a.keyword ~= 'Base64 Strings' and a.keyword ~= 'Hex Strings'
+              if rule.extended == true or
+                (a.keyword ~= 'Base64 Strings' and a.keyword ~= 'Hex Strings')
               then
                 m_suspicious = 'S'
                 table.insert(analysis_keyword_table, a.keyword)