Automating Content Disarm and Reconstruction (CDR) Testing with OPSWAT Visual Comparison
OPSWAT Deep Content Disarm and Reconstruction (Deep CDR) is an advanced threat prevention technology. Unlike detection-based methods, Deep CDR is designed for eliminating all potential malicious codes from files. Each file is completely sanitized and reconstructed in a fast and secure process. This zero-trust security method has proven to be highly effective in combating both known and unknown threats, including zero-day malware and advanced persistent threats (APTs). However, due to its file reconstruction function, the usability of reassembled files becomes a significant concern for users.
Can you assure the complete usability of documents after processing?
It’s a common question from our customers before using Deep CDR. They worry that their documents can be unexpectedly changed during the reconstruction process and become useless. They want to make certain of the integrity of all rebuilt files, especially when thousands or millions of files are processed.
To ensure Deep CDR reconstruction function performance, we developed a framework to validate the usability of sanitized files by comparing the visual presentation of the files before and after processing. It’s called Visual Comparison Test.
How it works
In the Visual Comparison Test, files are examined by an automated process, which generates scores based on content. The system compares scores to identify differences that can be used to find the issue resulting in an easier fix.
In the initial stages of the process, the original file and sanitized file are both separated into pages; and each page is visualized into an image. After that, all images undergo visual representation comparison examined by an advanced image comparer, which later calculates the similarity between these 2 documents.
Demonstrations
We made 2 demonstrations to assess the performance of the Visual Comparison. There were 2 demonstration scenarios: comparing a fully preserved sanitized file with the original file and comparing a modified file with the original one.
Scenario 1: No change in the content after Deep CDR process
After sanitization, we content-checked the processed file to make sure that it was well-preserved. Then we had the original file and the sanitized file inspected by Visual Comparison Test. We got a similarity result at 1.00 which means these two files are the same.
Scenario 2: There were changes in the content
The sanitized file was manually modified by deleting some paragraphs.
Then, we had it compared with the original file and got the similarity score at 0.92. The result also highlighted differences found in the visual comparison test.
Applying Visual Comparison into Our Regression Test
Visual Comparison is a step in our Deep CDR regression test implemented before releasing every new version. This is to assure that the reconstruction process works fine after any code changes, updates, or improvements. There were thousands of various files automatically tested to guarantee an efficient sanitization process satisfying our customers. By conducting the strict regression test, which applies many different test management tools including automated Visual Comparison, we are confident that Deep CDR performance is always stable and efficient. Consequently, our customers receive secure and usable files with all expected functionality. As an illustration, below we present some results of the Visual Comparison Test.
Sanitized files | Total pages | Identical pages | Different pages | Similarity score | Result |
Invitation_letter.docx | 6 | 5 | 1 | 0.92 | Failed |
Market report 2019.pdf | 35 | 35 | 0 | 1.00 | Passed |
Abnormal.rtf | 15 | 10 | 5 | 0.84 | Failed |
Financial plan template.xsl | 3 | 3 | 0 | 1.00 | Passed |
Event photo.jpg | 1 | 1 | 0 | 1.00 | Passed |
Tuesday.gif | 1 | 1 | 0 | 1.00 | Passed |
Staff list.xlsx | 5 | 5 | 0 | 1.00 | Passed |
Annoucement.docm | 18 | 18 | 0 | 1.00 | Passed |
Company trip plan.ppsx | 22 | 22 | 0 | 1.00 | Passed |
Seminar_presentation.ppt | 67 | 67 | 0 | 1.00 | Passed |
OPSWAT Visualization Comparison Test Result
Conclusion
Some file sanitization products on the market can make the sanitized file lose its functionality and content, so its usability is adversely affected. However, OPSWAT Deep CDR, a verified leader in the category, protects the file’s functionality while recursively removing all potential threats and satisfying organizational security policy demands. Our technology differentiates from other vendors with not only the capability to handle complex file structures, but also the intact performance and functionality of the regenerated files.
Learn more about OPSWAT Deep CDR or talk to an OPSWAT technical expert to discover the best security solution to prevent zero-day and advanced evasive malware.
For more information, please contact one of our critical infrastructure cybersecurity experts.
- Academy 16
- Advanced Threat Prevention 55
- CEO's Blog 21
- Company Announcements 43
- Cross-Domain Solutions 33
- CTO's Blog 23
- CVEs 198
- Deep CDR 41
- Email Security 22
- File Upload Security 15
- Malware Analysis 76
- OACCP Certification 32
- OESIS Framework 12
- Product Announcements 178
- Reports 28
- Secure Access 23
- Secure Data Storage 16
- Technology Partnerships 38
- Vulnerabilities 21
- File Upload Protection – 10 Best Practices for Preventing Cyber Attacks
- MetaDefender Prevents Emotet - The World’s Most Dangerous Malware
- OPSWAT Expands Global Availability of Critical Infrastructure Protection
- OPSWAT Announces Expansion of Cybersecurity Training Program
- Avoiding storage data leaks and PII regulation noncompliance
- How OPSWAT Can Help Detect and Prevent the VMware WorkSpace ONE Access exploit (CVE-2020-4006)
- Protecting Critical Infrastructure from Advanced Cyberattacks
- MetaDefender Cloud Hash Reputation Database Now Exceeds 40 Billion
- OPSWAT Continues to Expand OESIS Framework with New Partners
- 6 Potential Security Gaps in File Transfer Process for Critical Infrastructure