From 532901848a31e533b4e8e14b34254dd43f005497 Mon Sep 17 00:00:00 2001
From: Carsten Rosenberg <c.rosenberg@heinlein-support.de>
Date: Sat, 26 Jan 2019 10:28:51 +0100
Subject: [PATCH] [Minor] lua_scanners - oletools - complete threats in
 extended mode

---
 lualib/lua_scanners/oletools.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lualib/lua_scanners/oletools.lua b/lualib/lua_scanners/oletools.lua
index f0fdd82b45..577b79863a 100644
--- a/lualib/lua_scanners/oletools.lua
+++ b/lualib/lua_scanners/oletools.lua
@@ -167,8 +167,8 @@ local function oletools_check(task, content, digest, rule)
               m_autoexec = 'A'
               table.insert(analysis_keyword_table, a.keyword)
             elseif a.type == 'Suspicious' then
-              if rule.extended == true then m_suspicious = 'S' end
-              if a.keyword ~= 'Base64 Strings' and a.keyword ~= 'Hex Strings'
+              if rule.extended == true or
+                (a.keyword ~= 'Base64 Strings' and a.keyword ~= 'Hex Strings')
               then
                 m_suspicious = 'S'
                 table.insert(analysis_keyword_table, a.keyword)
-- 
2.47.3