5. Deep CDR Details

This feature is available with MetaDefender Core v4.13 or newer.

Together with an error message, Deep CDR module also returns forensic info to describe what happened during the process in the case file was successfully sanitized.

Sample forensic info
...
"post_processing": {
"actions_failed": "",
"actions_ran": "Sanitized",
"converted_destination": "",
"converted_to": "",
"copy_move_destination": "",
"sanitization_details": {
"description": "Processed successfully.",
"details": [{
"action": "sanitized",
"object_name": "XML content"
},
{
"action": "removed",
"count": 1,
"object_name": "DDE"
},
{
"action": "removed",
"count": 1,
"object_name": "hyperlink"
},
{
"object_name":"XLS file",
"file_name":"Microsoft_Excel_97-2003_Worksheet.xls",
"description":"Processed successfully.",
"details":[
{
"object_name":"macro",
"action":"removed"
}
],
"action":"sanitized"
},
{
"object_name":"XLSX file",
"file_name":"Microsoft_Excel_Worksheet.xlsx",
"description":"invalid file structure.",
"details":"Relationship file sharedStrings.xml does not exist",
"action":"removed"
},
{
"action": "removed",
"count": 1,
"object_name": "OLE"
},
{
"action": "sanitized",
"count": 3,
"object_name": "image"
},
{
"action": "removed",
"object_name": "macro"
}]
}
},
...

Please not to utilize the details programmatically. It is only for troubleshooting. In other words, the text may change any time without warning.

The forensic info is optional, it's not available for all file types

This feature is enabled by default, use bellow Deep CDR setting to disable

[setting]
;Setting "include_sanitization_details" to 1 will return sanitize info, 0 will disable it, only available from MetaDefender Core 4.13.0
include_sanitization_details=0