Deep CDR with Higher Quality
Deep CDR (v5.6) quarterly release is now generally available (GA). This release includes: significant improvements in the handling of Comma-Separated Values (CSV) formulas injection threats; and, support for new file types including Text file (TXT), Audio Video Interleave (AVI), Moving Picture Experts Group (MPEG), Outlook Personal Folder (PST). Also in this blog, we share our internal automated usability testing method to reliably test at-scale without loss of usability
Improved handling of CSV formulas injection threats
Deep CDR treats a CSV file the same as an Excel file. Any cells that start with '=' will be considered as formulas. For example, embedding the text =HYPERLINK("http://maliciousdomain.com") in a CSV file will appear as a clickable link when opened within MS Excel. The issue is not limited to the '=' sign only. Other signs can be used for malicious formulas such as Plus ("+"), Minus ("-"), At ("@"). The combination of these signs such as =@HYPERLINK("http://maliciousdomain.com") or ++@HYPERLINK("http://maliciousdomain.com") also can be injected as a formula. This makes this type of attack very hard to detect and mitigate. With OPSWAT Deep CDR the file content is inspected, remediation performed as needed, and a sanitized file is produced that results in formulas being removed as part of the Deep CDR process.
Visual Comparison, automated usability testing
The following is NOT a Deep CDR feature, it's an internal engineering process.
Improving quality is always our top priority task. With Deep CDR, we usually test with thousands of samples, different file formats, different file structures. The sanitized file must not contain unexpected objects. Meanwhile, any remediation that occurs will not result in a loss of usability. In other words, it should look the same and have the same usability as the original file minus malicious embedded objects. The manual work to check sanitized files is not always possible or practical. How then, do we deliver quality releases? One of the test methods we improved from this release is Visual Comparison. The original file and sanitized file will go through an automation process which can generate scores based on content. The system will compare scores to identify the differences that can be used to find the issue resulting in an easier fix.
Stay tuned for OPSWATs upcoming blog post which, will detail the inner workings of Visual Comparison.
Supported new file types
In this release, the following file formats are added support:
- Text file (TXT)
- Audio Video Interleave (AVI), Moving Picture Experts Group (MPEG)
- Outlook Personal Folder (PST)
- ファイルアップロードの保護 – 10 のベストプラクティスで サイバー攻撃を防御
- MetaDefenderによる世界で最も危険なマルウェアEmotetの防御
- OPSWAT Expands Global Availability of Critical Infrastructure Protection
- OPSWAT Announces Expansion of Cybersecurity Training Program
- Avoiding storage data leaks and PII regulation noncompliance
- How OPSWAT Can Help Detect and Prevent the VMware WorkSpace ONE Access exploit (CVE-2020-4006)
- Protecting Critical Infrastructure from Advanced Cyberattacks
- MetaDefender Cloud Hash Reputation Database Now Exceeds 40 Billion
- OPSWAT Continues to Expand OESIS Framework with New Partners
- 6 Potential Security Gaps in File Transfer Process for Critical Infrastructure