Verdict-as-a-Service

Verdict-as-a-Service Online Documentation

Components

[Figure: VaaS schema]

Explanations of the components

1 = Verdict-as-a-Service SDK

Prepared SDKs make it easier for you to implement Verdict-as-a-Service in your application.
You will find up to 4 different functions in the SDKs (depending on the programming language):

  • forFile = Check file

  • forUrl = Check URL

  • forStream = Check streams

  • forSha256 = Check Sha256 only

Depending on the function, the exchange of information between the components is slightly different.

2 = Identity-Provider

Mini-Identity-Provider is an OpenID Connect-compatible authentication provider. It is used for simple scenarios with only one user. You can use your own authentication provider in its place.

3 = Gateway

The gateway acts as an interface for all requests, including authentication. It generates the responses with the help of our backing services.

4 = Redis

This cache contains previous checks and serves as the basis for a new check. If the cache holds an intermediate result for a file, it is not necessary to scan the file again.

5 = GdScan

The main component for scanning files using multiple engines.

6 = CloudHashLookUp

CloudHashLookUp is a backend system that can only be hosted in our cloud. The hash value is used to determine what is already known about this file without the file having to be transmitted. This allows malicious files to be identified with less delay. In the VAAS cloud solution, this query is always carried out. In on-premise solutions, this query is optional.

Explanation of the schematic diagram

The schematic diagram illustrates the interaction of the Verdict-as-a-Service components in the case of a file check (forFile). All other functions differ slightly.

  • Function forFile

    1. The SDK (1) integrated in the software requests an authentication token from the identity provider (2) and transmits this token together with the SHA256 sum of the file to the gateway (3).

    2. The gateway (3) verifies the authentication and checks Redis (4) to see if this file has already been scanned by Verdict-as-a-Service. If there’s a match, the result is immediately returned to the SDK (1).

    3. Otherwise, the SHA256 sum is transmitted to CloudHashLookUp (6). If information on this file is already available there, the result is immediately returned to the SDK (1).

    4. If the SHA256 sum does not provide any information about this file, the gateway (3) requests the transmission of the complete file and runs it through the scanner (5). The result is returned to the SDK (1).

  • Function forUrl

    • The procedure is the same as for the forFile function. However, the SDK transmits a URL. This eliminates the need to query the SHA256 sum. The gateway (3) downloads the files reachable at the specified URL and checks them with the scanners.

  • Function forStream

    • The process corresponds to the forFile function.

  • Function forSha256

    • The process corresponds to the forFile function, but the file is not uploaded, even if the CloudHashLookUp query has not returned any information. In on-premise deployments of Verdict-as-a-Service, this function can only be used if the CloudHashLookUp query has not been deactivated.
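The forFile and forSha256 flows described above, modelled as an added Python example; it is not G DATA's code and does not use the real SDK or gateway API. All names, the in-memory stand-ins for components (2), (4), (5) and (6), the "Unknown" verdict and the caching of scan results are assumptions made for illustration.

```python
import hashlib

# Constructed stand-ins for the numbered components; none of this is the VaaS API.
VALID_TOKENS = {"token-from-idp"}   # (2) tokens the identity provider issued
redis_cache = {}                    # (4) sha256 -> verdict from previous checks
cloud_hash_lookup = {}              # (6) sha256 -> verdict already known in the cloud


def gdscan(data: bytes) -> str:
    """(5) Toy scanner: flags a constructed marker string, nothing else."""
    return "Malicious" if b"CONSTRUCTED-TEST-MARKER" in data else "Clean"


def gateway_verdict(token, sha256, fetch_file=None, cloud_lookup_enabled=True):
    """(3) Return (verdict, answering component) for one request.

    fetch_file is a callback that uploads the file on demand (forFile);
    None models forSha256, where the file is never transmitted.
    """
    if token not in VALID_TOKENS:               # step 2: verify authentication
        raise PermissionError("invalid authentication token")
    if sha256 in redis_cache:                   # step 2: previous check is cached
        return redis_cache[sha256], "redis"
    if cloud_lookup_enabled and sha256 in cloud_hash_lookup:    # step 3
        return cloud_hash_lookup[sha256], "cloudhashlookup"
    if fetch_file is None:                      # forSha256: no upload, no scan
        return "Unknown", "none"                # assumption: placeholder verdict
    verdict = gdscan(fetch_file())              # step 4: request the file, scan it
    redis_cache[sha256] = verdict               # assumption: scan results are cached
    return verdict, "gdscan"


def for_file(token, data: bytes, **kw):
    """SDK side (1): send the hash first, upload only if the gateway asks."""
    uploads = []

    def fetch():
        uploads.append(len(data))               # record that the file left the client
        return data

    digest = hashlib.sha256(data).hexdigest()
    verdict, source = gateway_verdict(token, digest, fetch, **kw)
    return verdict, source, bool(uploads)


def for_sha256(token, sha256):
    """SDK side (1): hash-only check, the file never leaves the client."""
    return gateway_verdict(token, sha256, None)
```

The third element returned by `for_file` shows whether the file had to be transmitted, which is the property the hash-first design is meant to minimise.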