Clean files to remove threats

    Article Summary

    Glasswall Halo can be used to process files, ensuring that any potentially malicious content is removed or neutralised. Our CDR technology instantly cleans and rebuilds files to match their ‘known good’ industry specifications, removing potential malware. The ultimate goal is to produce a sanitised version of the file, making it safe to be opened and accessed by other users or information systems without any security risks.

    What is CDR

    Content Disarm and Reconstruction (CDR) is a security measure taken to protect against potential threats and cyber-attacks that may be embedded in files, particularly in documents, images, and other attachments.

    There are several reasons why you would want to use CDR to sanitise files before allowing other users or information systems to access them:

    Malware Protection

    Files received from external sources, such as emails or file downloads, can contain hidden malware, viruses, or other malicious code. CDR helps ensure that any potential threats are neutralised, preventing malware infections and data breaches.

    Phishing Prevention

    Some files may include hidden phishing links or malicious scripts, aiming to steal sensitive information or login credentials. CDR removes such dangerous elements, mitigating the risk of falling victim to phishing attacks.

    Compliance and Regulation

    Many industries and organisations have strict data protection regulations they must adhere to. By implementing CDR, businesses can demonstrate their commitment to security and compliance with data protection standards.

    Zero-Day Threat Mitigation

    CDR can be effective against new, previously unknown threats (zero-day threats) because it focuses on the file's structure and content rather than relying solely on signature-based detection.

    Safe Collaboration

    By using CDR, organisations can safely share files internally and externally, promoting efficient collaboration while maintaining security.

    System Integrity

    Opening a malicious file can harm not only the user's device but also the entire IT system. CDR helps preserve the integrity of the system by preventing the spread of malware.

    Overall, employing CDR as part of a comprehensive cybersecurity strategy helps reduce the attack surface and enhances the overall safety and trustworthiness of the shared files, making it safer for users and information systems to interact with the data.

    API Documentation

    You can use the following APIs to create a sanitised file:

    POST api/v3/cdr-file
    POST api/v3/cdr
    

    For more information, please refer to our API Documentation.

    API Authentication

    Learn how to authenticate Glasswall Halo

    Glasswall Halo Events

    When you make a request to Glasswall Halo the following events take place:

    1. You send a file to the Synchronous API for processing.
    2. The file is stored in Glasswall Halo whilst processing occurs.
    3. The Glasswall Embedded Engine is notified to process the file.
    4. The Glasswall Embedded Engine retrieves the file and begins its CDR process.
    5. The clean file is then returned to the user via the API response.

    Request Construction

    Glasswall Halo provides a wide range of file processing capabilities, accommodating both binary and Base64 encoded files. Additionally, you have the option to leverage policies to guide the file processing according to your needs; see the policy management documentation for details.

    When utilising Glasswall Halo, you can submit files in either binary or Base64 format, offering the flexibility to choose the most appropriate file representation for your specific use case and application requirements. Moreover, if you solely require a clean file without the analysis report, you can make this specific request using the response-content query parameter with the value set to noAnalysisReport.

    This versatile functionality of Glasswall Halo empowers you to tailor the file processing process precisely to your preferences and efficiently achieve your objectives with ease.

    Binary File Processing

    POST {baseUrl}/api/v3/cdr-file?response-content=noAnalysisReport 
    

    Base64 Encoded File Processing

    Submit the Base64 encoded string in the Request body to the following endpoint:

    POST {baseUrl}/api/v3/cdr?response-content=noAnalysisReport 
    

    Request body Format

    The body of the request should be in JSON format and include the Base64 field containing the Base64 encoded string of the file, and the fileName field specifying the original filename (including the appropriate file extension).

    {
      "Base64": "string",
      "fileName": "filename.pdf"
    }
    

    Variations

    A variation of this request is to not pass in the response-content query parameter. This means that you will get both the rebuilt file and the analysis report back for the file you requested.

    Binary File Processing

    POST {baseUrl}/api/v3/cdr-file
    

    Base64 Encoded File Processing

    Submit the Base64 encoded string in the Request body to the following endpoint:

    POST {baseUrl}/api/v3/cdr
    

    Note:

    • Replace {baseUrl} with the actual base URL of the Glasswall Halo API.
    • The correct auth header should be provided with each request.
    • For binary file processing, use a multipart form post, while for Base64 encoded file processing, provide the file content in the JSON Request body with the appropriate filename.

    Response Handling

    When a file is successfully processed by Glasswall Halo, you will receive a 201 HTTP status code, indicating that a new file has been created, and this file is returned in the response. The format of the response depends on whether you used the binary or Base64 endpoint.

    For the binary endpoint, the file will be returned with the content type application/octet-stream. You can read all the bytes from the response body, forming the CDR'd file. The response will also include the content-disposition header, which contains the filename supplied in the multipart form, if available. If the filename was not provided, a generated GUID will be returned as the filename. This feature eliminates the need for you to maintain the filename while processing occurs.

    If you requested a Base64 encoded file to be processed, the response will be in JSON format with a status code of 201. The JSON body will contain the Base64 encoded string representing the clean file produced by Glasswall Halo. The response will look like this:

    {
      "errorReason": null,
      "processingId": "d3bdc536-44ba-41ad-b40e-330ce6f169ce",
      "processingStatus": "rebuilt",
      "fileType": "jpg",
      "analysisReport": null,
      "rebuiltFile": {
        "content": "/9j/2wBDAAMCAgM...",
        "contentType": "application/octet-stream",
        "contentEncoding": "Base64"
      }
    }
    

    To access the Base64 encoded clean file, you can retrieve it from the rebuiltFile.content location within the response.

    Variations

    If you omit the response-content query parameter and utilize the default settings, both the clean file and the analysis report will be generated and included in the response.

    In the context of the binary endpoint, the response format will be a compressed .zip file. Upon extracting this file, you will discover two subfolders: clean and report. The clean folder will house the clean file, which you can freely utilize according to your needs. Similarly, the report folder will contain the analysis report.

    Learn more about analysis reports

    If you requested a Base64 encoded file to be processed, the response will be in JSON format with a status code of 201. The JSON body will contain the Base64 encoded strings representing the clean file produced by Glasswall Halo and the analysis report. The response will look like this:

    {
      "errorReason": null,
      "processingId": "de30c22d-fcef-467c-9ed9-16296318615b",
      "processingStatus": "rebuilt",
      "fileType": "archive",
      "analysisReport": {
        "content": "UEsDBBQAAAgIACU/EFeWuyNVWwAAAL0AAAARAAAAbWFua...",
        "contentType": "application/octet-stream",
        "contentEncoding": "Base64"
      },
      "rebuiltFile": {
        "content": "/9j/2wBDAAMCAgM...",
        "contentType": "application/octet-stream",
        "contentEncoding": "Base64"
      }
    }
    

    To access the Base64 encoded clean file, retrieve it from the rebuiltFile.content location within the response. If you wish to access the analysis files, they can be found at analysisReport.content.
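
    The request body format and the Base64 response handling described above, as an added example (not Glasswall's own code): it builds the JSON body and accepts a response only when it is a 201 with processingStatus "rebuilt", so a failed clean never passes the original file through. The function names, the sample responses and the "failed" status value are constructed for illustration.

```python
import base64
import binascii
import json


class CdrError(Exception):
    """Halo did not return a usable clean file; the caller must not fall back to the original."""


def build_cdr_body(file_bytes, file_name):
    """JSON body for POST {baseUrl}/api/v3/cdr, using the field names shown on this page."""
    return json.dumps({"Base64": base64.b64encode(file_bytes).decode("ascii"),
                       "fileName": file_name})


def decode_part(part, name):
    """Decode rebuiltFile / analysisReport; None stays None (e.g. noAnalysisReport)."""
    if part is None:
        return None
    if part.get("contentEncoding") != "Base64":
        raise CdrError(f"{name}: unexpected contentEncoding")
    try:
        return base64.b64decode(part["content"], validate=True)
    except (KeyError, TypeError, binascii.Error) as exc:
        raise CdrError(f"{name}: content is not valid Base64") from exc


def parse_cdr_response(status_code, body_text):
    """Return (clean_bytes, report_bytes_or_None), or raise CdrError (fail closed)."""
    if status_code != 201:
        raise CdrError(f"unexpected HTTP status {status_code}")
    doc = json.loads(body_text)
    # Assumption: any processingStatus other than "rebuilt" means no clean file.
    if doc.get("errorReason") is not None or doc.get("processingStatus") != "rebuilt":
        raise CdrError(f"not rebuilt: {doc.get('processingStatus')!r} / {doc.get('errorReason')!r}")
    clean = decode_part(doc.get("rebuiltFile"), "rebuiltFile")
    if not clean:
        raise CdrError("response carries no rebuilt file")
    return clean, decode_part(doc.get("analysisReport"), "analysisReport")


# Constructed samples (not real Halo output); the "failed" status value is invented here.
PART = {"content": base64.b64encode(b"constructed clean bytes").decode("ascii"),
        "contentType": "application/octet-stream", "contentEncoding": "Base64"}
SAMPLE_OK = json.dumps({"errorReason": None, "processingId": "constructed-id",
                        "processingStatus": "rebuilt", "fileType": "jpg",
                        "analysisReport": None, "rebuiltFile": PART})
SAMPLE_FAILED = json.dumps({"errorReason": "constructed failure", "processingStatus": "failed",
                            "analysisReport": None, "rebuiltFile": None})

if __name__ == "__main__":
    print(parse_cdr_response(201, SAMPLE_OK))
```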

    Summary

    • You have successfully protected your organisation against potential malware threats by utilising Glasswall Halo to sanitise files before sharing or processing them.

    • You have prevented phishing attacks and safeguarded your users by neutralising hidden malicious scripts and phishing links in files processed through Glasswall Halo.

    • You have ensured compliance with data protection regulations by securely handling files and eliminating sensitive information through Glasswall Halo.

    • You have proactively mitigated zero-day threats by using Glasswall Halo, which focuses on file structure rather than relying on known signatures.

    • You have established a secure and trusted file-sharing environment, both internally and externally, by leveraging Glasswall Halo capabilities.

    • You have maintained the integrity of your information systems by preventing malware propagation through CDR-processed files.

    • You have demonstrated a commitment to cybersecurity, building trust among clients, partners, and stakeholders through the secure file-handling practices achieved with Glasswall Halo.

    • You have streamlined your file processing workflows and reduced manual intervention by automating the process through the Glasswall Halo API integration.

    • You have efficiently responded to potential security incidents by incorporating CDR as an additional layer of defence in your incident response plan.

    • You have minimised downtime and reduced remediation costs by preventing malware infections through Glasswall Halo.

    • You have protected your organisation against supply chain attacks by sanitising files received from external sources using Glasswall Halo.

    Overall, through CDR, you have significantly enhanced your organisation's cybersecurity posture, ensuring the safety of sensitive data and mitigating file-based threats effectively.

    Quick Start

    To try Glasswall Halo yourself, please refer to our Quick Start Guide.

