Introduction to CDR

  • 15 February 2021
  • 0 replies

Userlevel 2

Introduction to CDR


Content Disarm & Reconstruction (CDR) is the process of stripping potentially malicious data from files before they reach their recipients. Even seemingly innocuous files like Word or PowerPoint documents can have suspicious data hidden in them, including malicious image files to full executable programs. A CDR system breaks down these files to their base elements, removing or otherwise sanitizing potentially harmful contents before either reconstructing them and passing them along to their intended recipient, or withholding them altogether. The parts of files that get filtered correspond to your policy settings, though all CDR policy is orchestrated with the intent to lower risk of incoming threats.

Data can be hidden in many ways in a wide number of different file types. A common Microsoft Office document like a Word, PowerPoint, or Excel file can invisibly contain almost any other kind of file within their structure. Even without hiding an entire malicious file within one of these documents, malicious data can easily be hidden through text formatting. Extra text can be written in white or formatted to display ten thousand pixels off the right of the page, undetectable to the average reader. Clickable links can be embedded into an image of a single transparent pixel and hidden. The metadata of a document could contain a great amount of text without impacting the user experience of reading or otherwise using the document. These methods, and many more, are what a CDR system looks for when disarming and reconstructing a file.

It is notable that a CDR system protects recipients in ways distinct from spam filters or anti-virus programs. While a spam filter has some overlap with the capabilities of a CDR system, the CDR system has many more options about how to treat incoming mail and files. A spam filter may block an email from a suspicious address which contains hyperlinks or files but cannot protect a recipient from malicious content hidden within a file. Similarly, an anti-virus program can compare a file against a database of known viruses but cannot sanitize the contents of those files. Each of these th atee tools can be used in tandem to reduce risk, though none covers all the use cases of the other.


An organization may want to adopt the use of a CDR system for their emails if they:

  • Receive files or hyperlinks in emails from sources outside the organization.
  • Want to reduce the risks associated with externally sourced data.
  • Want to enforce policy about what kinds of content should be reaching specific people or groups of people through their email (e.g. Nobody in Finance should receive any sort of executable)

If an organization intends to reduce risk from as many different sources as possible a CDR system which protects recipients from the contents of emails and email attachments can be a vital part of a protection suite.


If you’re interested in finding out more about Glasswall’s CDR technology, contact our Sales team at

0 replies

Be the first to reply!