How to Remove Infected Child Files from Archives in MetaDefender Core

Use case

Core scans an archive or container file, and one or more of the child files inside the archive are detected as infected. The desired result is to return a modified archive where the infected child file has been removed, rather than returning the original archive with the infected child file(s) sanitized.

Resolution

To remove infected child files from an archive, configure the workflow’s Compression and Deep CDR settings:

| Workflow area | Setting | Value |
| --- | --- | --- |
| Deep CDR | Enable Deep CDR | Status: Active |
| Compression | Enable archive sanitization | Enabled |
| Compression | Enable for archive compression filetypes | Select the required archive/container types |
| Compression | Skip Malicious Items | Enabled; configure the verdicts that should be treated as malicious |
| Compression | Include sanitized version of blocked child files | Disabled |
| Compression | Add tombstone file during archive process / archive sanitization | Optional, recommended for keeping track of infected files |
| Deep CDR | Enable for filetypes | Optional: enable for supported child file types if clean child files should be sanitized |
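
One way to confirm the workflow behaves as configured is to compare the archive that was submitted with the archive that came back. The script below is an added example, not OPSWAT code and not part of the original article. It assumes ZIP archives and that the names of the flagged child files are already known from the scan result; the sample archives and the entry name `removed_items.txt` are constructed placeholders, not the product's actual tombstone naming.

```python
import hashlib
import io
import zipfile


def member_hashes(archive_bytes):
    """Map each file entry in a ZIP to the SHA-256 of its content."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return {
            info.filename: hashlib.sha256(zf.read(info)).hexdigest()
            for info in zf.infolist()
            if not info.is_dir()
        }


def compare_archives(original, processed, flagged):
    """Classify every child file by what happened to it during processing."""
    before, after = member_hashes(original), member_hashes(processed)
    return {
        # Flagged children still present under their original name: a failure.
        "flagged_still_present": sorted(set(flagged) & set(after)),
        "removed": sorted(set(before) - set(after)),
        # Same name, different content: rewritten (e.g. sanitized) children.
        "modified": sorted(n for n in before.keys() & after.keys() if before[n] != after[n]),
        # New entries, e.g. tombstone files; names depend on the deployment.
        "added": sorted(set(after) - set(before)),
    }


def build_zip(files):
    """Build an in-memory ZIP from a {name: bytes} dict (sample data helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample data: harmless placeholder bytes stand in for real files.
ORIGINAL = build_zip({"report.txt": b"quarterly numbers", "docs/a.txt": b"notes", "tool.bin": b"flagged-sample"})
PROCESSED = build_zip({"report.txt": b"quarterly numbers", "docs/a.txt": b"notes (rewritten)", "removed_items.txt": b"placeholder tombstone"})

if __name__ == "__main__":
    for label, names in compare_archives(ORIGINAL, PROCESSED, ["tool.bin"]).items():
        print(f"{label}: {names}")
```

An empty `flagged_still_present` list with the flagged names under `removed` matches the intended result; entries under `modified` are expected only when Deep CDR is enabled for the clean child file types.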