Description
Version of log4j_detector: log4j-detector-2021.12.20.jar
Hello,
currently log4j-detector logs the following lines after finding log4j 1.x files:
$ sha256sum ./log4j-1.1.3.jar
635d4be0003f9b24f560a7835db59fef04d1102bac75824c5f1c6ae48aa626a9 ./log4j-1.1.3.jar
$ java -jar ./log4j-detector-2021.12.20.jar ./log4j-1.1.3.jar
/home/litew/Downloads/log4j-1.1.3.jar contains Log4J-1.x <= 1.2.17 _OLD_
According to https://logging.apache.org/log4j/2.x/security.html, "CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints.":
Log4j 1.x mitigation
Log4j 1.x does not have Lookups so the risk is lower. Applications using Log4j 1.x are only vulnerable to this attack when they use JNDI in their configuration. A separate CVE (CVE-2021-4104) has been filed for this vulnerability. To mitigate: Audit your logging configuration to ensure it has no JMSAppender configured. Log4j 1.x configurations without JMSAppender are not impacted by this vulnerability.
The mentioned CVE-2021-4104 has a CVSS score of 8.1 (HIGH).
As https://access.redhat.com/security/cve/CVE-2021-4104 states, it is possible to manually mitigate CVE-2021-4104 by removing the JMSAppender class from the log4j 1.x jar with the following command:
$ zip -q -d "/path/to/log4j-1x-file.jar" org/apache/log4j/net/JMSAppender.class
After doing this, log4j_detector will still report this file as _OLD_:
$ sha256sum ./log4j-1.1.3.jar
b2fc57bc76999ee101036d3bea9993a07adbf79cb21804b5b79c733fbcb01578 ./log4j-1.1.3.jar
$ java -jar ./log4j-detector-2021.12.20.jar ./log4j-1.1.3.jar
/home/litew/Downloads/log4j-1.1.3.jar contains Log4J-1.x <= 1.2.17 _OLD_
Could you please add an option to report old log4j 1.x patched versions as potentially safe? Maybe add another status, such as _OLD_POTENTIALLY_SAFE or maybe _OLD_MANUAL_MITIGATION_APPLIED_.
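As an added illustration of the check this issue asks for (example code written here, not part of log4j-detector and not the project's own logic): the script below inspects a jar, treats it as Log4j 1.x when it ships classes under the `org/apache/log4j/` package (an assumption used for classification; the real detector uses its own fingerprinting), and reports `_OLD_` when `org/apache/log4j/net/JMSAppender.class` is still present or `_OLD_MANUAL_MITIGATION_APPLIED_` when the entry has been removed. It also includes a Python equivalent of the `zip -d` mitigation step so the before/after classification can be demonstrated on a constructed, synthetic jar (the class bodies are dummy bytes, not real Log4j classes). The status names are the ones proposed in the issue.

```python
import io
import zipfile

# Entry whose presence exposes a Log4j 1.x deployment to CVE-2021-4104 (path taken from the issue).
JMS_APPENDER_ENTRY = "org/apache/log4j/net/JMSAppender.class"
# Assumption for this example: a jar counts as Log4j 1.x when it contains classes under this prefix
# (Log4j 2.x lives under org/apache/logging/log4j/ instead).
LOG4J1_PACKAGE_PREFIX = "org/apache/log4j/"

STATUS_OLD = "_OLD_"
STATUS_MITIGATED = "_OLD_MANUAL_MITIGATION_APPLIED_"


def classify_log4j1_jar(jar_bytes):
    """Return a status string for a Log4j 1.x jar, or None if the jar does not look like Log4j 1.x."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = set(jar.namelist())
    is_log4j1 = any(n.startswith(LOG4J1_PACKAGE_PREFIX) and n.endswith(".class") for n in names)
    if not is_log4j1:
        return None
    # JMSAppender still shipped: the jar is old and the known manual mitigation has not been applied.
    return STATUS_OLD if JMS_APPENDER_ENTRY in names else STATUS_MITIGATED


def classify_log4j1_jar_path(path):
    """Convenience wrapper for a jar on disk."""
    with open(path, "rb") as fh:
        return classify_log4j1_jar(fh.read())


def remove_jms_appender(jar_bytes):
    """Equivalent of `zip -q -d jar org/apache/log4j/net/JMSAppender.class`: rewrite the archive
    without that entry, keeping every other member byte-for-byte."""
    src = zipfile.ZipFile(io.BytesIO(jar_bytes))
    out = io.BytesIO()
    with src, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.filename == JMS_APPENDER_ENTRY:
                continue
            dst.writestr(info, src.read(info.filename))
    return out.getvalue()


def build_sample_jar(include_jms_appender, log4j1=True):
    """Construct a minimal synthetic jar for demonstration. The class contents are dummy bytes
    (just the JVM class-file magic), not real Log4j classes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if log4j1:
            jar.writestr("org/apache/log4j/Logger.class", b"\xca\xfe\xba\xbe")
            if include_jms_appender:
                jar.writestr(JMS_APPENDER_ENTRY, b"\xca\xfe\xba\xbe")
        else:
            jar.writestr("com/example/Other.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()


if __name__ == "__main__":
    unpatched = build_sample_jar(include_jms_appender=True)
    print("before zip -d:", classify_log4j1_jar(unpatched))
    patched = remove_jms_appender(unpatched)
    print("after zip -d: ", classify_log4j1_jar(patched))
    print("unrelated jar:", classify_log4j1_jar(build_sample_jar(True, log4j1=False)))
```

The check only looks at the archive contents; it says nothing about whether a JMSAppender is actually referenced in the application's logging configuration, which is the other half of the Apache mitigation advice quoted above, so a `_OLD_MANUAL_MITIGATION_APPLIED_` result is best read as "this specific manual fix was applied", not as a statement that the old release is otherwise current.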