5. Forensic info
This feature is available with MetaDefender Core v4.13 or newer.
Together with an error message, DS engine also returns forensic info to describe what happened during the process in case file was successfully sanitized.
Sample forensic info
..."post_processing": { "actions_failed": "", "actions_ran": "Sanitized", "converted_destination": "", "converted_to": "", "copy_move_destination": "", "sanitization_details": { "description": "Processed successfully.", "details": [{ "action": "sanitized", "object_name": "XML content" }, { "action": "removed", "count": 1, "object_name": "DDE" }, { "action": "removed", "count": 1, "object_name": "hyperlink" }, { "object_name":"XLS file", "file_name":"Microsoft_Excel_97-2003_Worksheet.xls", "description":"Processed successfully.", "details":[ { "object_name":"macro", "action":"removed" } ], "action":"sanitized" }, { "object_name":"XLSX file", "file_name":"Microsoft_Excel_Worksheet.xlsx", "description":"invalid file structure.", "details":"Relationship file sharedStrings.xml does not exist", "action":"removed" }, { "action": "removed", "count": 1, "object_name": "OLE" }, { "action": "sanitized", "count": 3, "object_name": "image" }, { "action": "removed", "object_name": "macro" }] }},...
Please not to utilize the details programmatically. It is only for troubleshooting. In other words, the text may change any time without warning.
The forensic info is optional, it's not available for all file types
This feature is enabled by default, use bellow Data Sanitization setting to disable
[setting];Setting "include_sanitization_details" to 1 will return sanitize info, 0 will disable it, only available from MetaDefender Core 4.13.0include_sanitization_details=0