Introduction
This Silo feature scans files for malware before downloading to a user’s device. Files saved to Silo’s Cloud Storage will not be scanned. If a user is allowed to download a malicious file by policy, it will be delivered in a zip archive.
Steps
1. When you download a file within the Silo browser, the Storage Manager opens. Click the Save button.
2. The “Save File As” window opens, click the Save button. The malware scan begins.
This pop-up message informs you that Silo is scanning for malicious files.
If you do not have permission to download a malicious file, this warning appears.
However, if your administrator enables the ‘notify but allow download of malicious file’ permission, the following warning appears.
3. At this point, you may click the Cancel button to stop the download, or, click the Download button to accept the risk.
Example of the malicious file download.
Technical Details
To set the Malware Scanning policy, open the Admin Console panel.
1. Click the Edit button.
This is the default setting.
This is how to disable Malware Scanning.
This is how to enable ‘notify but allow download of malicious files.’
Exploit Audit Log*
AppServer generated audit logs - AppServer generates logs when an exploit is discovered while downloading a file to the local computer. The delivered value will change based on if the user decides to download the malware. *This section is part of the Silo Logs Reference Guide. For additional information, refer to Silo Logs Reference Guide.
{ "origin": "unknown"*,
"delivered": true,
"client_ip": "client ip",
"user_id": "UserId",
"seq_id": 4418356,
"filetype": "CL_TYPE_TEXT_ASCII",
"org_id": "OrgID",
"exploit_name": "Eicar-Test-Signature",
"session_id": "Session ID",
"filename": "eicar.com test",
"username": "username",
"create_ts": "2018-04-12 17:55:19",
"type": "EXPLOIT"
}
Note: If “delivered”: true then *malicious file delivered as a zip archive.
*origin not used at this time.
Avoid Malware Scanning
If you are using the File Management API Reference Guide, these changes are mandatory when virus scanning is on.
1. This is an example of using cURL without the new skip exploit scan flag:
- curl -X POST -d "id=<desired File ID>&auth=<URL encoded file auth token>" -OJ https://extapi.authentic8.com/getfile/
2. Here are examples with new flags (skip-exploit-scan & deliver-exploit):
- curl -X POST -d "skip-exploit-scan=y&id=<desired File ID>&auth=<URL encoded file auth token>" -OJ https://extapi.authentic8.com/getfile/
- curl -X POST -d "deliver-exploit=y&id=<desired File ID>&auth=<URL encoded file auth token>" -OJ https://extapi.authentic8.com/getfile/
Notice the only difference is the new skip-exploit-scan=y at the beginning of POST Body... the text after -d
Workflows
1. Deliver exploit is used in the "workflow for downloading malware" (new)
- Request file
- Response says file is infected
- Re-request file with deliver-exploit flag
- Response will be zipped version of file
2. Skip exploit scan is used in this workflow
Note: Malware scan policy must be off or on and allow download
- Request file with skip exploit
- Response is original unzipped file, no malware scan
Additional Notes
Please contact Support if you have any additional questions and/or require further information.