The Trap of a Seemingly ‘Innocent’ File
Files are not simply files. An innocent ‘file’ is made up of several layers and derivatives. Do you have any idea how many?
Every file is considered a container of malicious content. Files can be hidden inside macros and ZIP archives, sometimes as many as 10-12 derivatives deep within the original file. A common way for hackers to break into an organization is to conceal the attack within a file, which is sometimes placed in the eighth or ninth derivative of the “innocent” file.
A detection approach needs to be implemented to defend the organization against complex files that may carry malicious activity in a file nested within the original file.
A real Content Disarm & Reconstruction (CDR) solution needs to be implemented to treat this file container and its many levels, removing the malicious code from the files and returning them entirely to a pre-infected state. The only way to do this is file by file: each file must be dismantled and stripped down to its basic components. Each dedicated internal component must be filtered individually, and at the end of the process a new filtered file is repackaged from all its filtered components. As malicious code is detected, the removal process begins, taking a surgical approach. A new and clean file is reconstructed, maintaining the same size and structure as the original file.
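The dismantle, filter and repackage steps described above, as an added example (not YazamTech's code or product logic). It assumes ZIP-based containers only, a 12-level nesting limit, and a policy of dropping `vbaProject.bin` macro parts; `disarm`, `make_zip` and `build_sample` are hypothetical names.

```python
import io
import zipfile

MAX_DEPTH = 12                          # assumed limit, from the 10-12 levels mentioned above
BLOCKED_SUFFIXES = ("vbaproject.bin",)  # assumed policy: Office macro storage part


def disarm(data: bytes, path: str = "", depth: int = 0):
    """Return (rebuilt_bytes, removed_paths) for one file and everything nested in it."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return data, []                 # leaf: a real CDR applies a per-format filter here
    if depth >= MAX_DEPTH:              # fail closed instead of passing unexamined layers
        raise ValueError(f"nesting deeper than {MAX_DEPTH} at {path or '<root>'}")
    removed = []
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.is_dir():
                continue
            member_path = f"{path}/{info.filename}" if path else info.filename
            if info.filename.lower().endswith(BLOCKED_SUFFIXES):
                removed.append(member_path)   # dropped; not copied to the rebuilt file
                continue
            # Filter the component (recursively), then repackage the filtered result.
            # Simplification: the Office package manifest is not rewritten here.
            clean, nested = disarm(src.read(info), member_path, depth + 1)
            dst.writestr(info.filename, clean)
            removed.extend(nested)
    return out.getvalue(), removed


def make_zip(members: dict) -> bytes:
    """Build an in-memory zip from {name: bytes} (used for the constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()


def build_sample() -> bytes:
    # Constructed sample: outer zip -> inner.zip -> report.docm -> word/vbaProject.bin
    docm = make_zip({"word/document.xml": b"<doc/>", "word/vbaProject.bin": b"placeholder"})
    inner = make_zip({"report.docm": docm, "notes.txt": b"hello"})
    return make_zip({"inner.zip": inner})
```

`disarm(build_sample())` returns the rebuilt outer archive together with the full nested path of every component it removed, which gives an audit trail of where in the container the content sat.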
Read more at: www.yazamtech.com