
Deep CDR with Higher Quality

The Deep CDR (v5.6) quarterly release is now generally available (GA). This release includes significant improvements in the handling of Comma-Separated Values (CSV) formula injection threats and support for new file types, including Text file (TXT), Audio Video Interleave (AVI), Moving Picture Experts Group (MPEG), and Outlook Personal Folder (PST). Also in this blog, we share our internal automated usability testing method, which we use to test reliably at scale without loss of usability.

Improved handling of CSV formula injection threats

Deep CDR treats a CSV file the same as an Excel file. Any cell that starts with '=' is considered a formula. For example, the text =HYPERLINK("") embedded in a CSV file appears as a clickable link when the file is opened in MS Excel. The issue is not limited to the '=' sign. Other signs can also be used for malicious formulas, such as plus ("+"), minus ("-"), and at ("@"). Combinations of these signs, such as =@HYPERLINK("") or ++@HYPERLINK(""), can also be injected as formulas. This makes this type of attack very hard to detect and mitigate. With OPSWAT Deep CDR, the file content is inspected, remediation is performed as needed, and a sanitized file is produced with the formulas removed.
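The check described above can be sketched as follows. This is an added example, not OPSWAT code and not how Deep CDR is implemented; the function names, the sample rows, the exemption for plain signed numbers, and the choice to blank flagged cells are assumptions made for illustration.

```python
import csv
import io
import re

# Leading characters the article lists as able to start a formula.
FORMULA_LEADERS = ("=", "+", "-", "@")
# Assumption: a plain signed number such as -12.50 is data, not a formula.
SIGNED_NUMBER = re.compile(r"[+-]\d+(\.\d+)?")

def is_formula_cell(value: str) -> bool:
    """True if the cell starts with a formula leader (alone or combined)."""
    # Assumption: leading whitespace is ignored, to stay conservative.
    stripped = value.lstrip(" \t\r\n")
    if not stripped or stripped[0] not in FORMULA_LEADERS:
        return False
    return SIGNED_NUMBER.fullmatch(stripped) is None

def sanitize_csv(text: str):
    """Return (sanitized CSV text, findings as (row, column, original))."""
    findings = []
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for r, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        clean = []
        for c, cell in enumerate(row, start=1):
            if is_formula_cell(cell):
                findings.append((r, c, cell))
                clean.append("")  # formula removed, cell left empty
            else:
                clean.append(cell)
        writer.writerow(clean)
    return out.getvalue(), findings

# Constructed sample input; the formulas are the ones quoted in the article.
SAMPLE = (
    'name,balance,note\n'
    'alice,-12.50,ok\n'
    'bob,+3,"=HYPERLINK("""")"\n'
    'carol,7,"++@HYPERLINK("""")"\n'
    'dave,1,"=@HYPERLINK("""")"\n'
)

if __name__ == "__main__":
    cleaned, found = sanitize_csv(SAMPLE)
    for row, col, original in found:
        print(f"row {row}, column {col}: removed {original!r}")
    print(cleaned, end="")
```

The findings list doubles as an audit record of what was removed and where, which is useful when a sanitized file is later questioned.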

Visual Comparison, automated usability testing

The following is NOT a Deep CDR feature; it is an internal engineering process.

Improving quality is always our top priority. With Deep CDR, we usually test with thousands of samples covering different file formats and different file structures. The sanitized file must not contain unexpected objects. At the same time, any remediation that occurs must not result in a loss of usability. In other words, the sanitized file should look the same and have the same usability as the original file, minus malicious embedded objects. Checking sanitized files manually is not always possible or practical. How, then, do we deliver quality releases? One of the test methods we improved in this release is Visual Comparison. The original file and the sanitized file go through an automated process that generates scores based on content. The system compares the scores to identify differences, which can be used to find the issue and make it easier to fix.

Stay tuned for OPSWAT's upcoming blog post, which will detail the inner workings of Visual Comparison.

Supported new file types

This release adds support for the following file formats:

  • Text file (TXT)
  • Audio Video Interleave (AVI), Moving Picture Experts Group (MPEG)
  • Outlook Personal Folder (PST)