Silo for Safe Access scans files for malware when they are downloaded from the isolated browser to the local machine. Files saved to Silo Drive (Cloud Secure Storage) are not scanned on the way in; the scan runs only when a file leaves Silo Drive for the local machine. A Silo Admin can also set the File Transfer policy to allow malicious files to be downloaded anyway, in which case the file is delivered inside a zip archive.
Steps
1. Click the Silo Drive icon in the Extensions Toolbar, then click Silo Drive
2. Select the file you wish to download from Silo Drive, then click Save to start the download to the local machine; this triggers the malware scan
The malware scan runs in the background to check for potential threats; a notification is displayed if a threat is detected
A Download canceled notification is displayed if your organization's policy does not allow malicious file downloads
A DOWNLOAD ANYWAY override is offered in the notification if malicious file download is enabled by policy
3. Click Cancel to stop the download, or click DOWNLOAD ANYWAY to proceed (the file is delivered as a zip archive)
Malware Scan Policy
1. From the Silo Admin Console, click Manage under Policies
2. Navigate to Data Transfer > Malware Scanning > Edit
The policy offers three settings:
- Default Setting (scanning enabled, no override; flagged downloads are canceled)
- Malware Scanning Disabled
- Malware Scanning Enabled with Download Override
Exploit Audit Log
A log entry is recorded when an exploit is detected while a malicious file is being downloaded to the local machine. The delivered value reflects how the malware download was handled
Example taken from the EXPLOIT Log Reference:
{
  "origin": "unknown",
  "delivered": true,
  "client_ip": "client ip",
  "user_id": "UserId",
  "seq_id": 4418356,
  "filetype": "CL_TYPE_TEXT_ASCII",
  "org_id": "OrgID",
  "exploit_name": "Eicar-Test-Signature",
  "session_id": "Session ID",
  "filename": "eicar.com test",
  "username": "username",
  "create_ts": "2018-04-12 17:55:19",
  "type": "EXPLOIT"
}
More Info:
• "delivered": true indicates that the malicious file was delivered to the local machine inside a zip archive (the download override was used); the value is false when the download was canceled
• "origin": "unknown" is not used at this time
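Because a delivered EXPLOIT record means malware actually reached an endpoint, the records worth routing to the SOC are the ones with "delivered": true. The following is an added triage example, not Authentic8's code: it parses a constructed sample of newline-delimited EXPLOIT log records using the field names from the reference above, separates delivered from canceled events, and counts overrides per user so a follow-up can be prioritised. The sample lines, the user names and the assumption that "delivered": false marks a canceled download are constructed for this example.

```python
"""Triage Silo EXPLOIT audit-log records (added example, not Authentic8's code).

The records below are constructed for this example; field names follow the
EXPLOIT Log Reference on the page. "delivered": false is taken to mean the
download was canceled (an assumption inferred from the page, not stated by it).
"""
import json
from collections import Counter

SAMPLE_LOG = r'''
{"type": "EXPLOIT", "delivered": true, "username": "alice", "user_id": "u1", "org_id": "o1", "exploit_name": "Eicar-Test-Signature", "filename": "eicar.com test", "filetype": "CL_TYPE_TEXT_ASCII", "create_ts": "2018-04-12 17:55:19", "seq_id": 4418356, "origin": "unknown"}
{"type": "EXPLOIT", "delivered": false, "username": "bob", "user_id": "u2", "org_id": "o1", "exploit_name": "Eicar-Test-Signature", "filename": "eicar.zip", "filetype": "CL_TYPE_ZIP", "create_ts": "2018-04-12 18:02:03", "seq_id": 4418400, "origin": "unknown"}
{"type": "EXPLOIT", "delivered": true, "username": "alice", "user_id": "u1", "org_id": "o1", "exploit_name": "Eicar-Test-Signature", "filename": "invoice.exe", "filetype": "CL_TYPE_MSEXE", "create_ts": "2018-04-13 09:11:40", "seq_id": 4419002, "origin": "unknown"}
{"type": "LOGIN", "username": "carol", "user_id": "u3", "org_id": "o1", "create_ts": "2018-04-13 09:12:00", "seq_id": 4419003}
this line is not JSON and must be skipped
'''


def parse_exploit_records(text):
    """Return only well-formed records whose type is EXPLOIT; skip other types and noise."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # non-JSON noise in the export; ignore rather than abort the run
        if rec.get("type") == "EXPLOIT":
            records.append(rec)
    return records


def summarize(records):
    """Split EXPLOIT records into delivered (override used) and canceled downloads."""
    delivered = [r for r in records if r.get("delivered") is True]
    canceled = [r for r in records if r.get("delivered") is False]
    return {
        "total": len(records),
        "delivered": len(delivered),
        "canceled": len(canceled),
        "delivered_by_user": dict(Counter(r["username"] for r in delivered)),
    }


def delivered_events(records):
    """Chronological (timestamp, user, file, signature) tuples for delivered malware."""
    rows = [(r["create_ts"], r["username"], r["filename"], r["exploit_name"])
            for r in records if r.get("delivered") is True]
    return sorted(rows)


def repeat_overriders(records, threshold=2):
    """Users who have used DOWNLOAD ANYWAY at least `threshold` times."""
    counts = summarize(records)["delivered_by_user"]
    return sorted(u for u, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    recs = parse_exploit_records(SAMPLE_LOG)
    print(summarize(recs))
    for row in delivered_events(recs):
        print("DELIVERED", *row)
    print("repeat overriders:", repeat_overriders(recs))
```

The parser keys on "type": "EXPLOIT" rather than on the presence of exploit_name, so other record types in a mixed export are ignored even if they share field names; tighten the threshold in repeat_overriders to whatever your organization considers acceptable use of the override.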
Avoid Malware Scanning
If you use the File Management API, the following request changes are required when malware scanning is enabled: without one of the flags below, a request for a file that the scan flags returns an infected verdict instead of the file
cURL example without the skip exploit scan flag:
- curl -X POST -d "id=<desired File ID>&auth=<URL encoded file auth token>" -OJ https://extapi.authentic8.com/getfile/
cURL examples with skip-exploit-scan & deliver-exploit flags:
- curl -X POST -d "skip-exploit-scan=y&id=<desired File ID>&auth=<URL encoded file auth token>" -OJ https://extapi.authentic8.com/getfile/
- curl -X POST -d "deliver-exploit=y&id=<desired File ID>&auth=<URL encoded file auth token>" -OJ https://extapi.authentic8.com/getfile/
The only difference is the extra skip-exploit-scan=y (or deliver-exploit=y) parameter at the beginning of the POST body; the id and auth parameters are unchanged
Workflows
1. deliver-exploit is used in the workflow for downloading a file that the scan has flagged as malware
- Request the file
- The response says the file is infected
- Re-request the file with the deliver-exploit flag
- The response is a zipped version of the file
2. skip-exploit-scan is used in this workflow
- Request the file with the skip-exploit-scan flag
- The response is the original, unzipped file; no malware scan is performed
Important: either flag only takes effect when the Malware Scanning policy is set to Disabled or to Enabled with Download Override
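The two workflows above, carried through as an added Python example (this is not Authentic8's client code). It builds the same POST bodies as the cURL commands, implements the request / infected-verdict / re-request-with-deliver-exploit sequence, checks that the re-request really came back as a zip archive, and exposes the skip-exploit-scan path separately. Two things the page does not specify are assumed and marked as such in the code: the shape of the "file is infected" response (assumed here to be a non-200 status whose body mentions "infected") and that the file name arrives in a Content-Disposition header, which is what curl -OJ relies on. The fake_transport function is a constructed offline stand-in for the API so the example runs without network access.

```python
"""Silo File Management API download workflows (added example, not Authentic8's code).

ASSUMPTIONS (not documented on the page):
  - the "file is infected" verdict is modelled as a non-200 response whose body
    contains the word "infected";
  - the file name is taken from a Content-Disposition header, as curl -OJ expects.
"""
import re
import urllib.parse
import urllib.request
from dataclasses import dataclass, field

GETFILE_URL = "https://extapi.authentic8.com/getfile/"  # endpoint from the page


@dataclass
class ApiResponse:
    status: int
    headers: dict = field(default_factory=dict)
    body: bytes = b""


def build_body(file_id, auth_token, *, skip_scan=False, deliver_exploit=False):
    """POST body for /getfile/. Flag order mirrors the page's cURL examples;
    urlencode performs the URL-encoding of the file auth token."""
    params = {}
    if skip_scan:
        params["skip-exploit-scan"] = "y"
    if deliver_exploit:
        params["deliver-exploit"] = "y"
    params["id"] = file_id
    params["auth"] = auth_token
    return urllib.parse.urlencode(params)


def http_post(url, body):
    """Real transport: form-encoded POST returning status, headers and raw body."""
    req = urllib.request.Request(url, data=body.encode(), method="POST",
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req) as resp:
        return ApiResponse(resp.status, dict(resp.headers), resp.read())


def is_infected_verdict(resp):
    """ASSUMED verdict shape: non-200 status and a body that mentions 'infected'."""
    return resp.status != 200 and b"infected" in resp.body.lower()


def filename_from(resp):
    """File name from Content-Disposition (assumed header; what curl -OJ uses)."""
    m = re.search(r'filename="?([^";]+)"?', resp.headers.get("Content-Disposition", ""))
    return m.group(1) if m else None


def fetch_file(file_id, auth_token, transport=http_post, allow_malware=False):
    """Workflow 1: request the file; on an infected verdict, re-request with
    deliver-exploit=y only if the caller opted in, and insist on a zip back."""
    first = transport(GETFILE_URL, build_body(file_id, auth_token))
    if first.status == 200:
        return {"outcome": "clean", "filename": filename_from(first), "data": first.body}
    if not is_infected_verdict(first):
        raise RuntimeError(f"unexpected response {first.status}: {first.body[:80]!r}")
    if not allow_malware:
        return {"outcome": "blocked", "filename": None, "data": b""}
    second = transport(GETFILE_URL, build_body(file_id, auth_token, deliver_exploit=True))
    if second.status != 200:
        raise RuntimeError("deliver-exploit refused; check the Malware Scanning policy setting")
    if not second.body.startswith(b"PK\x03\x04"):  # zip local-file-header magic
        raise RuntimeError("expected a zip archive from deliver-exploit, got something else")
    return {"outcome": "delivered_zip", "filename": filename_from(second), "data": second.body}


def fetch_unscanned(file_id, auth_token, transport=http_post):
    """Workflow 2: skip-exploit-scan=y returns the original file with no scan."""
    resp = transport(GETFILE_URL, build_body(file_id, auth_token, skip_scan=True))
    if resp.status != 200:
        raise RuntimeError("skip-exploit-scan refused; check the Malware Scanning policy setting")
    return {"outcome": "unscanned", "filename": filename_from(resp), "data": resp.body}


def fake_transport(infected):
    """Constructed offline stand-in for the API (hypothetical responses, not the real ones)."""
    def transport(url, body):
        p = dict(urllib.parse.parse_qsl(body))
        if not infected:
            return ApiResponse(200, {"Content-Disposition": 'attachment; filename="report.pdf"'},
                               b"%PDF-1.4 clean constructed body")
        if p.get("skip-exploit-scan") == "y":
            return ApiResponse(200, {"Content-Disposition": 'attachment; filename="eicar.com"'},
                               b"EICAR test body (constructed stand-in)")
        if p.get("deliver-exploit") == "y":
            return ApiResponse(200, {"Content-Disposition": 'attachment; filename="eicar.com.zip"'},
                               b"PK\x03\x04" + b"\x00" * 26)
        return ApiResponse(403, {"Content-Type": "application/json"}, b'{"error":"file is infected"}')
    return transport


if __name__ == "__main__":
    print(fetch_file("123", "tok en", transport=fake_transport(False))["outcome"])
    print(fetch_file("123", "tok en", transport=fake_transport(True))["outcome"])
    print(fetch_file("123", "tok en", transport=fake_transport(True), allow_malware=True)["filename"])
    print(fetch_unscanned("123", "tok en", transport=fake_transport(True))["filename"])
```

fetch_file deliberately refuses to send deliver-exploit=y unless the caller passes allow_malware=True, so an automated integration cannot drift into pulling flagged files by default; the zip-magic check catches the case where the policy allowed the request but the payload is not the archive the page says to expect. Replace fake_transport with http_post for live use.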
Please contact Support for any additional questions