Automating Content Disarm and Reconstruction (CDR) Testing with OPSWAT Visual Comparison
OPSWAT Deep Content Disarm and Reconstruction (Deep CDR) is an advanced threat prevention technology. Unlike detection-based methods, Deep CDR is designed for eliminating all potential malicious codes from files. Each file is completely sanitized and reconstructed in a fast and secure process. This zero-trust security method has proven to be highly effective in combating both known and unknown threats, including zero-day malware and advanced persistent threats (APTs). However, due to its file reconstruction function, the usability of reassembled files becomes a significant concern for users.
Can you assure the complete usability of documents after processing?
It’s a common question from our customers before using Deep CDR. They worry that their documents can be unexpectedly changed during the reconstruction process and become useless. They want to make certain of the integrity of all rebuilt files, especially when thousands or millions of files are processed.
To ensure Deep CDR reconstruction function performance, we developed a framework to validate the usability of sanitized files by comparing the visual presentation of the files before and after processing. It’s called Visual Comparison Test.
How it works
In the Visual Comparison Test, files are examined by an automated process, which generates scores based on content. The system compares scores to identify differences that can be used to find the issue resulting in an easier fix.
In the initial stages of the process, the original file and sanitized file are both separated into pages; and each page is visualized into an image. After that, all images undergo visual representation comparison examined by an advanced image comparer, which later calculates the similarity between these 2 documents.
Demonstrations
We made 2 demonstrations to assess the performance of the Visual Comparison. There were 2 demonstration scenarios: comparing a fully preserved sanitized file with the original file and comparing a modified file with the original one.
Scenario 1: No change in the content after Deep CDR process
After sanitization, we content-checked the processed file to make sure that it was well-preserved. Then we had the original file and the sanitized file inspected by Visual Comparison Test. We got a similarity result at 1.00 which means these two files are the same.
Scenario 2: There were changes in the content
The sanitized file was manually modified by deleting some paragraphs.
Then, we had it compared with the original file and got the similarity score at 0.92. The result also highlighted differences found in the visual comparison test.
Applying Visual Comparison into Our Regression Test
Visual Comparison is a step in our Deep CDR regression test implemented before releasing every new version. This is to assure that the reconstruction process works fine after any code changes, updates, or improvements. There were thousands of various files automatically tested to guarantee an efficient sanitization process satisfying our customers. By conducting the strict regression test, which applies many different test management tools including automated Visual Comparison, we are confident that Deep CDR performance is always stable and efficient. Consequently, our customers receive secure and usable files with all expected functionality. As an illustration, below we present some results of the Visual Comparison Test.
Sanitized files | Total pages | Identical pages | Different pages | Similarity score | Result |
Invitation_letter.docx | 6 | 5 | 1 | 0.92 | Failed |
Market report 2019.pdf | 35 | 35 | 0 | 1.00 | Passed |
Abnormal.rtf | 15 | 10 | 5 | 0.84 | Failed |
Financial plan template.xsl | 3 | 3 | 0 | 1.00 | Passed |
Event photo.jpg | 1 | 1 | 0 | 1.00 | Passed |
Tuesday.gif | 1 | 1 | 0 | 1.00 | Passed |
Staff list.xlsx | 5 | 5 | 0 | 1.00 | Passed |
Annoucement.docm | 18 | 18 | 0 | 1.00 | Passed |
Company trip plan.ppsx | 22 | 22 | 0 | 1.00 | Passed |
Seminar_presentation.ppt | 67 | 67 | 0 | 1.00 | Passed |
OPSWAT Visualization Comparison Test Result
Conclusion
Some file sanitization products on the market can make the sanitized file lose its functionality and content, so its usability is adversely affected. However, OPSWAT Deep CDR, a verified leader in the category, protects the file’s functionality while recursively removing all potential threats and satisfying organizational security policy demands. Our technology differentiates from other vendors with not only the capability to handle complex file structures, but also the intact performance and functionality of the regenerated files.
Learn more about OPSWAT Deep CDR or talk to an OPSWAT technical expert to discover the best security solution to prevent zero-day and advanced evasive malware.
- Academy 12
- Advanced Threat Prevention 55
- CEO's Blog 20
- Company Announcements 34
- Cross-Domain Solutions 2
- CTO's Blog 23
- CVEs 189
- Deep CDR 40
- Email Security 1
- Email Threat Prevention 21
- File Upload Security 3
- Kiosk & USB Security 31
- Malware Analysis 1
- OACCP Certification 30
- OESIS Framework 12
- Product Announcements 173
- Reports 28
- Secure Access 23
- Secure Data Storage 5
- Technology Partnerships 37
- Vulnerabilities 21
- File Upload Protection – 10 Best Practices for Preventing Cyber Attacks
- OPSWAT Released a New Advanced Email Security Comparison Guide
- Infographic: File Upload Security – A Mission Against Malware
- Can You Spot the Social Engineering Techniques in a Phishing Email?
- Vulnerabilities: CVEs, Hashes, Application Installers Report January 22-29, 2018
- 6 Potential Security Gaps in File Transfer Process for Critical Infrastructure
- Police Handing Out Malware-Infected USBs Is Not an Isolated Incident
- 10 Things to Include in Your Employee Cyber Security Policy
- 11 of the Largest Data Breaches of All Time (Updated)