Sitemap
Open in app

Sign in

Medium Logo
Write
Search

Sign in

How to Disarm and Reconstruct Files in C#

4 min readOct 9, 2025

In this brief article, we’ll provide context for Content Disarm and Reconstruction (CDR) file sanitization in threat scanning workflows, and we’ll explain how CDR is intended to work. We’ll then provide example code to implement a CDR solution into our projects with zero hassle.

Press enter or click to view image in full size

Context for CDR

When malicious files — meaning content infected with viruses, malware, or other harmful executables — are detected entering a network, quarantining or deleting those files is the most common next step.

The obvious goal is to avoid exposing users to content that’s designed to execute immediately after a stray or misguided click.

But what if those files contained important information beyond their malicious components? Important files are sometimes hijacked by threat actors and injected with malicious content to improve the likelihood of malware execution.

Deleting or quarantining them is certainly the safe route — but it comes at the expense of preventing an individual, team, or perhaps even a whole department from accomplishing meaningful work.

How CDR Works

File sanitization in the form of Content Disarm and Reconstruction (CDR) is a valuable alternative to traditional threat mitigation. CDR assumes all files are inherently malicious and should therefore be stripped down and rebuilt from scratch without insecure components before they’re handed off to a virus scanning solution.

Press enter or click to view image in full size

If that sounds too drastic, imagine buying a house and finding out months after closing that the previous owner was a secret agent. For the sake of this metaphor, you have two options: you can either ask someone to thoroughly investigate every inch of it for cameras, listening devices, tripwires, and other sketchy devices (with no guarantee you’ll find everything), or simply hand the original blueprint to a trustworthy architect and ask them to rebuild an untainted version of the house from scratch. Assuming these options cost the same amount, which would you choose?

Press enter or click to view image in full size

CDR is particularly helpful for negating malware delivered through sneaky vectors like macros, scripts, malicious links and objects, etc. which (ideally) should raise massive red flags in modern threat detection workflows. It can negate certain types of viruses, too, but files infected with particularly complex or aggressive viruses frequently remain unsalvageable.

Implementing a CDR API in C# .NET Core

Thankfully, CDR doesn’t necessarily have to be some large, overly complicated product we spend hours integrating with our infrastructure — it can just be a few minor code changes to the applications that need it.

We can, for example, take advantage of a CDR API for our C# .NET Core applications using the code examples provided below. We can use this API for free on a limited basis (800 API calls/month in perpetuity) by signing up for a free API key.

This API accepts a wide range of input file types (including MS Office files, PDFs, and dozens of images) and returns a new version of that document rebuilt without threatening components. For example, a PDF hiding a JavaScript injection would be returned as exactly the same document without any executable code.

To take advantage of this API, we’ll need the following namespace imports:

using System;
using System.Diagnostics;
using Cloudmersive.APIClient.NETCore.CDR.Api;
using Cloudmersive.APIClient.NETCore.CDR.Client;
using Cloudmersive.APIClient.NETCore.CDR.Model;

And after we’ve added those to our file, we can use the below example code to help structure our CDR request:

namespace Example
{
    public class Example
    {
        public void main()
        {

            // Configure API key authorization: Apikey
            Configuration.Default.ApiKey.Add("Apikey", "YOUR_API_KEY");
            // Uncomment below to setup prefix (e.g. Bearer) for API key, if needed
            // Configuration.Default.ApiKeyPrefix.Add("Apikey", "Bearer");

            var apiInstance = new FileSanitizationApi();
            var inputFile = new System.IO.Stream(); // System.IO.Stream | Input document, or photos of a document, to extract data from (optional) 

            try
            {
                // Complete Content Disarm and Reconstruction on an Input File, and output in same file format
                apiInstance.CallFile(inputFile);
            }
            catch (Exception e)
            {
                Debug.Print("Exception when calling FileSanitizationApi.CallFile: " + e.Message );
            }

        }
    }
}

And that’s all there is to it — nice and simple. We just need to assign the apiInstance.CallFile(inputFile) method to a variable and write that variable to a new document of the same type.

After we reconstruct our documents, we can then scan the new version of the document for threats and hopefully reduce the strain that stringent security policies place on downstream users.

Cybersecurity
Csharp
Dotnet Core
Malware
API

--

--

Cloudmersive
Cloudmersive

Written by Cloudmersive

736 followers
11 following

There’s an API for that. Cloudmersive is a leader in Highly Scalable Cloud APIs.

Responses (1)

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech