[Minor] lua_scanners - oletools - complete threats in extended mode

author Carsten Rosenberg <c.rosenberg@heinlein-support.de>

Sat, 26 Jan 2019 09:28:51 +0000 (10:28 +0100)

committer Carsten Rosenberg <c.rosenberg@heinlein-support.de>

Sat, 26 Jan 2019 09:28:51 +0000 (10:28 +0100)
author Carsten Rosenberg <c.rosenberg@heinlein-support.de>
Sat, 26 Jan 2019 09:28:51 +0000 (10:28 +0100)
committer Carsten Rosenberg <c.rosenberg@heinlein-support.de>
Sat, 26 Jan 2019 09:28:51 +0000 (10:28 +0100)
diff --git a/lualib/lua_scanners/oletools.lua b/lualib/lua_scanners/oletools.lua

index f0fdd82b45b30f55da6893457efccef43afdecda..577b79863abe68ef2ffa43c381d8f9d3d385b946 100644 (file)
--- a/lualib/lua_scanners/oletools.lua
+++ b/lualib/lua_scanners/oletools.lua
@@ -167,8 +167,8 @@ local function oletools_check(task, content, digest, rule)
                m_autoexec = 'A'
                table.insert(analysis_keyword_table, a.keyword)
              elseif a.type == 'Suspicious' then
-              if rule.extended == true then m_suspicious = 'S' end
-              if a.keyword ~= 'Base64 Strings' and a.keyword ~= 'Hex Strings'
+              if rule.extended == true or
+                (a.keyword ~= 'Base64 Strings' and a.keyword ~= 'Hex Strings')
                then
                  m_suspicious = 'S'
                  table.insert(analysis_keyword_table, a.keyword)
author	Carsten Rosenberg <c.rosenberg@heinlein-support.de>
	Sat, 26 Jan 2019 09:28:51 +0000 (10:28 +0100)
committer	Carsten Rosenberg <c.rosenberg@heinlein-support.de>
	Sat, 26 Jan 2019 09:28:51 +0000 (10:28 +0100)