[clamav-users] LibClamAV warning, cli_pdf unimplemented filter DCTDECODE

Rick Valenzuela lists at rickv.com
Sat May 21 07:44:57 EDT 2016


Thank you for the detailed answer; I am using the HEAD version from an
OSX Homebrew install; I recently changed from stable, and had not had
this warning before.

Cheers,
Rick

On 5/20/16 02:58, Kevin Lin wrote:
> This warning occurs in the new experimental pdf filter rework that is not
> part of any existing ClamAV releases (as of 0.99.2). Thus as a disclaimer,
> it must be stated that the version of ClamAV being used may be unstable or
> incomplete especially with the experimental section that this warnings is
> related to.
> 
> A little background on PDFs:
> PDF documents are made up of entities called objects which store that
> various bits of content that make up the document. Taken from the PDF spec:
> "A *filter *is an optional part of the specification of a stream,
> indicating how the data in the stream must be decoded before it is used". As
> a result, in order to properly scan the objects of a PDF document, the
> objects need to be decoded according to their list of filters.
> DCTDecode is one of a number of PDF filters that can be applied to PDF
> objects; in particular: "grayscale or color image data that has been encoded
> in the JPEG baseline format" (PDF Spec). If you are interested in more
> about filters or PDFs, the PDF specification is freely available online and
> explains things in greater detail.
> 
> On LibClamAV and cli_pdf:
> LibClamAV's internal function to handle PDF documents is cli_pdf.
> 
> 
> In a nutshell, this warning occurs because ClamAV encountered a DCTDecode
> filter but does not have a implementation to decode that filter yet. It is
> possible but unlikely that associated document is malicious.
> 
> -Kevin
> 
> On Thu, May 19, 2016 at 12:43 AM, Rick Valenzuela <lists at rickv.com> wrote:
> 
>> Hi,
>>
>> Where can I find info on this warning when running clamscan?:
>>
>> LibClamAV Warning: cli_pdf: unimplemented filter type [10] => DCTDECODE
>>
>> I've been searching, but I can't find much on LibClamAV and filters,
>> much less cli_pdf or DCTDECODE.
>>
>> Best regards,
>> Rick
>>
>> --
>> Rick Valenzuela
>> Videojournalist
>> Shanghai, China
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
> 

-- 
Rick Valenzuela
Videojournalist
Shanghai, China



More information about the clamav-users mailing list