Archive Support
  • PDF

Archive Support

  • PDF

The Archive Support feature in CDR Platform utilises the Glasswall Engine to protect each individual file within an archive and then recompress the archive to a supported type.

Supported File Types

Non-Password Protected

  • Zip
  • 7-Zip
  • GZip 
  • Rar
  • Tar

Password Protected

  • Zip

How does it work

  • When an archive is received, the CDR Platform will decompress the archive up to 5 nested archive levels.
  • The CDR Platform will process each non-archive file at each level individually.
  • Once all files have been processed by the Glasswall Engine, the archive will be re-compressed in the same structure. The expected outcomes are defined below.

Expected outcomes

File Types

In some cases, the CDR Platform is not able to support archive types on re-compression due to licensing. This means that some archive types will be re-compressed to Zip, and all file types and folder structures within that Zip will be unchanged. 

Input FileOutput File
ZipZip
TarTar
GzipGZip
7-ZipZip
RarZip

File Contents

In the majority of cases, a file within an archive will be replaced with a clean file before it is returned via the API. In some cases, the CDR Platform may not be able to process a single file within an archive. In cases where some files are processed and some are not the un-processable file will be replaced with a '.txt' file and the contents of that file will provide a reason as to why that file cannot be processed.

The following are the expected scenarios:

Rebuild

  • Archive Is being rebuilt and Entry is Allowed - Uses the Original File
  • Archive Is being rebuilt and Entry is Disallowed - Replace with a text file (same name) saying "File Disallowed"
  • Archive Is being rebuilt and Entry is Unsupported File type - Replace with a text file (same name) saying "Unsupported File Type"
  • Archive Is being rebuilt and Engine Fails While Rebuilding Entry - Replace with a text file (same name) saying "Unable to rebuild file"
  • Archive Is being rebuilt and Entry is Successfully Rebuilt - Use Rebuilt File

Analysis

  • Archive Is being analysed and Entry is Allowed - Replace with a text file (same name) saying "File allowed by policy, no analyse needed"
  • Archive Is being analysed and Entry is Disallowed - Replace with a text file (same name) saying "File Disallowed"
  • Archive Is being analysed and Entry is Unsupported File type - Replace with a text file (same name) saying "Unsupported File Type"
  • Archive Is being analysed and Engine Fails While Analysing Entry - Replace with a text file (same name) saying "Unable to analyse file"
  • Archive Is being analysed and Entry is Successfully Rebuilt - Use Analysis of file

Policy Configuration

The API endpoints support Content Management Flags for individual files within an archive, this config allows you to define what a given action is for a particular file type within an archive. For each file type in this configuration, the default value is: 'Sanitise - 1', and the other values are 'Allow - 0' and 'Disallow - 2'.

The following file types are supported under archive configuration:

"ArchiveConfig": {
    "bmp": 1,
    "doc": 1,
    "docx": 1,
    "emf": 1,
    "gif": 1,
    "jpeg": 1,
    "wav": 1,
    "elf": 1,
    "pe": 1,
    "mp4": 1,
    "mpg": 1,
    "pdf": 1,
    "png": 1,
    "ppt": 1,
    "pptx": 1,
    "tiff": 1,
    "wmf": 1,
    "xls": 1,
    "xlsx": 1,
    "mp3": 1,
    "mp2": 1,
    "rtf": 1,
    "coff": 1,
    "macho": 1,
    "json": 1,
    "unknown": 1
},

Note: Unknown - if the file type is undetected by the Glasswall engine then this action applies within the archive.

Reporting

The CDR Platform produces reports for each file processed, for a single file this usually results in 1 report from the API, 1 report from the engine and 1 analysis report. With archives the expected outcome is 

  • 1 API report
  • 1 Engine report per file
  • 1 Analysis report per file

Where there are multiple reports (engine and analysis) the report name will be appended with the File ID.


Was this article helpful?

What's Next