Silo for Safe Access offers a malware scan when files are downloaded to the local machine. However, files saved to Silo Drive (Cloud Secure Storage) are not scanned for malware. A Silo Admin can also set the File Transfer policy to allow malicious file downloads, in which case the file is delivered in a zip archive file.



Steps


1. Click the Silo Drive icon from the Extensions Toolbar, then click Silo Drive




2. Select the file you wish to download from Silo Drive, then click Save to initiate a local machine download -- this will activate the malware scan process




Our malware scan will run in the background to check for potential threats -- a notification is displayed if any threat is detected



A Download canceled notification will be displayed if your organization's policy does not allow malicious file downloads.




A DOWNLOAD ANYWAY override is presented in the notification message if malicious file download is enabled.




3. Click Cancel to stop the download, or click DOWNLOAD ANYWAY to move forward




Malware Scan Policy

1. From the Silo Admin Console, click Manage right below Policies



2. Navigate to Data Transfer > Malware Scanning > Edit



Default Setting

Malware Scanning Disabled



Malware Scanning Enabled with Download Override



Exploit Audit Log

A log is recorded when an exploit is discovered while a malicious file is being downloaded to the local machine. The delivered value will vary depending on how the malware download is handled.


Example taken from EXPLOIT Log Reference


{
  "origin": "unknown",
  "delivered": true,
  "client_ip": "client ip",
  "user_id": "UserId",
  "seq_id": 4418356,
  "filetype": "CL_TYPE_TEXT_ASCII",
  "org_id": "OrgID",
  "exploit_name": "Eicar-Test-Signature",
  "session_id": "Session ID",
  "filename": "eicar.com test",
  "username": "username",
  "create_ts": "2018-04-12 17:55:19",
  "type": "EXPLOIT"
}


More Info:
"delivered": true indicates that the malicious file download was delivered in a zip archive file

"origin": "unknown" is not used at this time
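
One way to review these records, as an added example that is not part of the product documentation: the script below splits EXPLOIT entries by their delivered value so that downloads delivered through the override stand out per user. It assumes the log is exported as one JSON object per line; the sample records, the non-EXPLOIT type value and the function name triage_exploit_log are constructed for illustration and use only field names from the example above.

```python
import json
from collections import defaultdict

# Constructed sample export (assumed format: one JSON object per line).
SAMPLE_LOG = """\
{"type": "EXPLOIT", "delivered": true, "username": "alice", "exploit_name": "Eicar-Test-Signature", "filename": "eicar.com test", "create_ts": "2018-04-12 17:55:19", "seq_id": 4418356}
{"type": "EXPLOIT", "delivered": false, "username": "bob", "exploit_name": "Eicar-Test-Signature", "filename": "eicar.com", "create_ts": "2018-04-12 18:01:02", "seq_id": 4418360}
{"type": "EXPLOIT", "delivered": true, "username": "alice", "exploit_name": "Eicar-Test-Signature", "filename": "eicar2.com", "create_ts": "2018-04-12 17:40:03", "seq_id": 4418341}
{"type": "CONSTRUCTED_OTHER", "username": "carol", "seq_id": 4418372}
not json at all
"""

def triage_exploit_log(text):
    """Split EXPLOIT records into delivered (zip handed to the user) and the rest.

    Returns (delivered_by_user, not_delivered, skipped_line_count).
    """
    delivered_by_user = defaultdict(list)
    not_delivered = []
    skipped = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1          # count damaged lines instead of aborting the review
            continue
        if not isinstance(rec, dict) or rec.get("type") != "EXPLOIT":
            continue              # other record types are out of scope here
        # Only a literal JSON true counts as delivered; a missing or
        # non-boolean value is treated as not delivered (assumption).
        if rec.get("delivered") is True:
            delivered_by_user[rec.get("username", "?")].append(rec)
        else:
            not_delivered.append(rec)
    # create_ts ("YYYY-MM-DD HH:MM:SS") sorts chronologically as a plain string.
    for recs in delivered_by_user.values():
        recs.sort(key=lambda r: r.get("create_ts", ""))
    return dict(delivered_by_user), not_delivered, skipped

if __name__ == "__main__":
    delivered, rest, skipped = triage_exploit_log(SAMPLE_LOG)
    for user, recs in delivered.items():
        for r in recs:
            print(f"DELIVERED {r['create_ts']} {user} {r['exploit_name']} {r['filename']!r}")
    print(f"{len(rest)} not delivered, {skipped} unparseable line(s)")
```
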



Avoid Malware Scanning

If you are using the File Management API, the following changes are mandatory when virus scanning is enabled


cURL example without the skip exploit scan flag:


cURL examples with skip-exploit-scan & deliver-exploit flags:


Notice the difference with skip-exploit-scan=y at the beginning of the POST body



Workflows

1. Deliver exploit is used in the workflow for downloading malware

  • Request file
  • Response says file is infected
  • Re-request file with deliver-exploit flag
  • Response will be zipped version of file

2. Skip exploit scan is used in this workflow

  • Request file with skip exploit
  • Response is original unzipped file, no malware scan


Important: Malware scan policy must be set to Disabled --or-- Enabled with download override



Please contact Support for any additional questions