Overview


This Silo feature scans files for malware before they are downloaded to a user’s device. Files saved to Silo’s Cloud Storage will not be scanned. If policy allows a user to download a malicious file, it will be delivered in a zip archive.

When you download a file within the Silo browser, the Storage Manager opens. Click the Save button.


image1.png


The “Save File As” window opens. Click the Save button. The malware scan begins.


image2.png


This pop-up message informs you that Silo is scanning for malicious files.


image3.png


If you do not have permission to download a malicious file, this warning appears.


image4.png


However, if your administrator enables the ‘notify but allow download of malicious file’ permission, the following warning appears.


image3.png


At this point, you may click the Cancel button to stop the download, or click the Download button to accept the risk.


image5.png

Example of the malicious file download.

image6.png


Technical Details


To set the Malware Scanning policy, open the Admin Console panel.


image7.png


Click the Edit button.


image9.png


This is the default setting.


image10.png


This is how to disable Malware Scanning.


image12.png


This is how to enable ‘notify but allow download of malicious files.’


image14.png


Exploit Audit Log


AppServer generated audit logs - AppServer generates a log entry when an exploit is discovered while a file is being downloaded to the local computer. The delivered value depends on whether the user chooses to download the malware. Refer to the Silo Logs Reference Guide for additional information.


{
  "origin": "unknown",
  "delivered": true,
  "client_ip": "client ip",
  "user_id": "UserId",
  "seq_id": 4418356,
  "filetype": "CL_TYPE_TEXT_ASCII",
  "org_id": "OrgID",
  "exploit_name": "Eicar-Test-Signature",
  "session_id": "Session ID",
  "filename": "eicar.com test",
  "username": "username",
  "create_ts": "2018-04-12 17:55:19",
  "type": "EXPLOIT"
}


Note: If “delivered” is true, the malicious file was delivered as a zip archive.


Note: “origin” is not used at this time.
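
The following is an added example, not part of the original Silo documentation: a minimal triage script that reads EXPLOIT audit records like the one above and lists, per user, the malicious files that were actually delivered. It assumes the logs have been exported as one JSON object per line; the function names and all sample values are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample, one JSON object per line (assumed export format).
# Field names follow the EXPLOIT record above; all values are made up.
SAMPLE_LOG = """\
{"type": "EXPLOIT", "delivered": true, "username": "alice", "exploit_name": "Eicar-Test-Signature", "filename": "eicar.com", "create_ts": "2018-04-12 17:55:19"}
{"type": "EXPLOIT", "delivered": false, "username": "bob", "exploit_name": "Eicar-Test-Signature", "filename": "eicar.com", "create_ts": "2018-04-12 18:01:02"}
{"type": "PLACEHOLDER_OTHER_TYPE", "username": "alice", "create_ts": "2018-04-12 18:05:00"}
truncated or corrupted line
{"type": "EXPLOIT", "delivered": true, "username": "alice", "exploit_name": "Eicar-Test-Signature", "filename": "sample.txt", "create_ts": "2018-04-12 17:40:00"}
"""


def parse_exploit_events(text):
    """Return (EXPLOIT records sorted by create_ts, number of unparseable lines)."""
    events, skipped = [], 0
    for line in filter(None, map(str.strip, text.splitlines())):
        try:
            rec = json.loads(line)
            if not isinstance(rec, dict) or rec.get("type") != "EXPLOIT":
                continue  # valid JSON, but not an exploit record
            rec["_ts"] = datetime.strptime(rec["create_ts"], "%Y-%m-%d %H:%M:%S")
        except (ValueError, KeyError, TypeError):
            skipped += 1  # count bad lines so gaps in the log are visible
            continue
        events.append(rec)
    return sorted(events, key=lambda r: r["_ts"]), skipped


def delivered_by_user(events):
    """Map username -> [(create_ts, filename, exploit_name)] for delivered files."""
    hits = defaultdict(list)
    for rec in events:
        # Only a literal JSON true counts as delivered (file left Silo as a zip).
        if rec.get("delivered") is True:
            hits[rec.get("username", "<unknown>")].append(
                (rec["create_ts"], rec.get("filename"), rec.get("exploit_name")))
    return dict(hits)


if __name__ == "__main__":
    events, skipped = parse_exploit_events(SAMPLE_LOG)
    print(f"{len(events)} EXPLOIT events, {skipped} unparseable lines")
    for user, files in delivered_by_user(events).items():
        for ts, name, sig in files:
            print(f"{ts}  {user} downloaded {name} ({sig})")
```
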


Avoid Malware Scanning

If you are using the File Management API Reference Guide, these changes are mandatory when virus scanning is on.


1. This is an example of using cURL without the new skip exploit scan flag:


2. Here are examples with new flags (skip-exploit-scan & deliver-exploit):


Notice that the only difference is the new skip-exploit-scan=y at the beginning of the POST body (the text after -d).


Workflows


1. Deliver exploit is used in the "workflow for downloading malware" (new)

  • Request file
  • Response says file is infected
  • Re-request file with deliver-exploit flag
  • Response will be zipped version of file


2. Skip exploit scan is used in this workflow

Note: The malware scan policy must be either off, or on with download of malicious files allowed.

  • Request file with skip exploit
  • Response is original unzipped file, no malware scan


Additional Information

Please contact Support if you have additional questions or require further information about Silo.