5. Deep CDR Details

This feature is available with MetaDefender Core v4.13 or newer.

Together with an error message, Deep CDR module also returns forensic info to describe what happened during the process in the case file was successfully sanitized.

Sample forensic info
...
"post_processing": {
"actions_failed": "",
"actions_ran": "Sanitized",
"converted_destination": "",
"converted_to": "",
"copy_move_destination": "",
"sanitization_details": {
"description": "Sanitized successfully.",
"details": [
{
"action": "sanitized",
"object_name": "XML content"
},
{
"action": "removed",
"count": 1,
"object_details": [
"<ddeLink xmlns:r=\"http://schemas.openxmlformats.org/officeDocument/2006/relationships\" ddeService=\"calc\" ddeTopic=\"topic\" xmlns=\"http://schemas.openxmlformats.org/spreadsheetml/2006/main\">\r\n <ddeItems>\r\n <ddeItem name=\"_xlbgnm.A3\" advise=\"1\" />\r\n <ddeItem name=\"StdDocumentName\" ole=\"1\" advise=\"1\" />\r\n </ddeItems>\r\n</ddeLink>"
],
"object_name": "DDE"
},
{
"action": "removed",
"count": 2,
"object_details": [
"http://metadefender.com/",
"http://google.com/"
],
"object_name": "hyperlink"
},
{
"object_name":"XLS file",
"file_name":"Microsoft_Excel_97-2003_Worksheet.xls",
"description":"Sanitized successfully.",
"details":[
{
"action":"removed",
"count": 1,
"object_details": [
"Attribute VB_Name = \"Sheet1\"\r\nAttribute VB_Base = \"0{00020820-0000-0000-C000-000000000046}\"\r\nAttribute VB_GlobalNameSpace = False\r\nAttribute VB_Creatable = False\r\nAttribute VB_PredeclaredId = True\r\nAttribute VB_Exposed = True\r\nAttribute VB_TemplateDerived = False\r\nAttribute VB_Customizable = True\r\n"
],
"object_name":"macro"
}
],
"action":"sanitized"
},
{
"object_name":"XLSX file",
"file_name":"Microsoft_Excel_Worksheet.xlsx",
"description":"invalid file structure.",
"details":"Relationship file sharedStrings.xml does not exist",
"action":"removed"
},
{
"action": "removed",
"count": 1,
"object_name": "OLE"
},
{
"action": "sanitized",
"count": 3,
"object_name": "image"
},
{
"action": "removed",
"count": 1,
"object_details": [
"Attribute VB_Name = \"Module1\"\r\nSub test_Macro()\r\nAttribute test_Macro.VB_Description = \"create macro for FTC test\"\r\nAttribute test_Macro.VB_ProcData.VB_Invoke_Func = \"e\\n14\"\r\n'\r\n' test_Macro Macro\r\n' create macro for FTC test\r\n'\r\n' Keyboard Shortcut: Ctrl+e\r\n'\r\n Range(\"B13\").Select\r\n ActiveCell.FormulaR1C1 = \"testing macro\"\r\n Range(\"C13\").Select\r\n ActiveCell.FormulaR1C1 = \"blablabla\"\r\n Range(\"D13\").Select\r\nEnd Sub\r\n"
],
"object_name": "macro"
}
]
}
},
...

Please not to utilize the details programmatically. It is only for troubleshooting. In other words, the text may change any time without warning.

The forensic info is optional, it's not available for all file types

This feature is enabled by default, use bellow Deep CDR setting to disable

[setting]
;Setting "include_sanitization_details" to 1 will return sanitize info, 0 will disable it, only available from MetaDefender Core 4.13.0
include_sanitization_details=0
include_processed_objects=0

Filed object_details is available only when setting include_processed_objects is set to 1. The length of object details is limited to 5000 characters. If it exceeds the limit, it will be truncated.