Automating Content Disarm and Reconstruction (CDR) Testing with OPSWAT Visual Comparison

OPSWAT Deep Content Disarm and Reconstruction (Deep CDR) is an advanced threat prevention technology. Unlike detection-based methods, Deep CDR is designed to eliminate all potentially malicious code from files. Each file is completely sanitized and reconstructed in a fast and secure process. This zero-trust security method has proven to be highly effective in combating both known and unknown threats, including zero-day malware and advanced persistent threats (APTs). However, because Deep CDR reconstructs every file, the usability of the reassembled files is a significant concern for users.

Can you assure the complete usability of documents after processing?

It’s a common question from our customers before using Deep CDR. They worry that their documents can be unexpectedly changed during the reconstruction process and become useless. They want to make certain of the integrity of all rebuilt files, especially when thousands or millions of files are processed.

To verify that Deep CDR's reconstruction function performs as intended, we developed a framework that validates the usability of sanitized files by comparing the visual presentation of each file before and after processing. It is called the Visual Comparison Test.

How it works

In the Visual Comparison Test, files are examined by an automated process that generates scores based on their content. The system compares the scores to identify differences, which help locate the underlying issue and make it easier to fix.

In the initial stages of the process, the original file and the sanitized file are each split into pages, and each page is rendered as an image. An advanced image comparer then compares the visual representation of all the images and calculates the similarity between the two documents.
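The page-by-page comparison described above, as an added sketch in Python; it is not OPSWAT's implementation. It produces per-file page counts, a similarity score, a Passed/Failed result and a bounding box for each changed region. Assumptions: pages are already rendered to grayscale rasters by an external renderer, a page's score is its fraction of unchanged pixels, the file's score is the mean of its page scores, TOLERANCE is an arbitrary noise threshold, and a file fails when any page differs.

```python
TOLERANCE = 8  # assumed: grey-level delta (0-255) ignored as rendering noise


def compare_page(orig, sani):
    """Return (similarity, bbox) for two non-empty rasters (rows of 0-255 ints).

    bbox is (top, left, bottom, right) of the changed region, or None.
    """
    if orig is None or sani is None:
        return 0.0, None  # page exists on one side only
    height = max(len(orig), len(sani))
    width = max(len(orig[0]), len(sani[0]))
    changed = []
    for y in range(height):
        for x in range(width):
            a = orig[y][x] if y < len(orig) and x < len(orig[y]) else None
            b = sani[y][x] if y < len(sani) and x < len(sani[y]) else None
            # A pixel outside either raster counts as changed (page resized).
            if a is None or b is None or abs(a - b) > TOLERANCE:
                changed.append((y, x))
    if not changed:
        return 1.0, None
    ys, xs = zip(*changed)
    return 1 - len(changed) / (height * width), (min(ys), min(xs), max(ys), max(xs))


def compare_documents(orig_pages, sani_pages):
    """Score two documents page by page; any differing page fails the file."""
    total = max(len(orig_pages), len(sani_pages))
    orig = list(orig_pages) + [None] * (total - len(orig_pages))
    sani = list(sani_pages) + [None] * (total - len(sani_pages))
    results = [compare_page(o, s) for o, s in zip(orig, sani)]
    different = {n: box for n, (score, box) in enumerate(results, 1) if score < 1.0}
    similarity = sum(score for score, _ in results) / total if total else 1.0
    return {"total": total, "identical": total - len(different),
            "different": different, "similarity": round(similarity, 2),
            "result": "Failed" if different else "Passed"}


def sample_page(text_rows=(2, 4, 6), rows=10, cols=10):
    """Constructed raster: white page (255) with dark 'text' rows (0)."""
    return [[0 if y in text_rows else 255 for _ in range(cols)] for y in range(rows)]


# Constructed sample: a 3-page file whose last page lost one line of text.
ORIGINAL = [sample_page() for _ in range(3)]
SANITIZED = [sample_page(), sample_page(), sample_page(text_rows=(2, 4))]
REPORT = compare_documents(ORIGINAL, SANITIZED)
```

A page present on only one side scores 0 and fails the file, so a page dropped during reconstruction is reported rather than skipped.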

Demonstrations

We ran 2 demonstrations to assess the performance of the Visual Comparison, one for each scenario: comparing a fully preserved sanitized file with the original file, and comparing a modified file with the original one.

Scenario 1: No change in the content after Deep CDR process

After sanitization, we checked the content of the processed file to make sure that it was well preserved. Then we had the original file and the sanitized file inspected by the Visual Comparison Test. We got a similarity result of 1.00, which means the two files are the same.

Scenario 2: There were changes in the content

The sanitized file was manually modified by deleting some paragraphs. 

Then we had it compared with the original file and got a similarity score of 0.92. The result also highlighted the differences found in the visual comparison test.

Applying Visual Comparison into Our Regression Test

Visual Comparison is a step in our Deep CDR regression test, which is run before every new version is released. This ensures that the reconstruction process still works correctly after any code changes, updates, or improvements. Thousands of varied files were tested automatically to guarantee an efficient sanitization process that satisfies our customers. By conducting this strict regression test, which applies many different test management tools including automated Visual Comparison, we are confident that Deep CDR performance is always stable and efficient. Consequently, our customers receive secure and usable files with all expected functionality. As an illustration, below we present some results of the Visual Comparison Test.

| Sanitized files | Total pages | Identical pages | Different pages | Similarity score | Result |
|---|---|---|---|---|---|
| Invitation_letter.docx | 6 | 5 | 1 | 0.92 | Failed |
| Market report 2019.pdf | 35 | 35 | 0 | 1.00 | Passed |
| Abnormal.rtf | 15 | 10 | 5 | 0.84 | Failed |
| Financial plan template.xsl | 3 | 3 | 0 | 1.00 | Passed |
| Event photo.jpg | 1 | 1 | 0 | 1.00 | Passed |
| Tuesday.gif | 1 | 1 | 0 | 1.00 | Passed |
| Staff list.xlsx | 5 | 5 | 0 | 1.00 | Passed |
| Annoucement.docm | 18 | 18 | 0 | 1.00 | Passed |
| Company trip plan.ppsx | 22 | 22 | 0 | 1.00 | Passed |
| Seminar_presentation.ppt | 67 | 67 | 0 | 1.00 | Passed |

OPSWAT Visualization Comparison Test Result

Conclusion

Some file sanitization products on the market can make the sanitized file lose its functionality and content, so its usability is adversely affected. However, OPSWAT Deep CDR, a verified leader in the category, protects the file’s functionality while recursively removing all potential threats and satisfying organizational security policy demands. Our technology differs from that of other vendors not only in its capability to handle complex file structures, but also in keeping the performance and functionality of the regenerated files intact.

Learn more about OPSWAT Deep CDR or talk to an OPSWAT technical expert to discover the best security solution to prevent zero-day and advanced evasive malware.

