Client file download requests (for example PDF, DOCX, PPT, XLSX, XML files) matching Cloud WI "inspect" mode rules see Votiro (CDR) not recognizing the sent to be scanned object (different HASH then the actual file) and the download being forbidden. Practical example downloading PDF file from "https://file-examples.com/wp-content/storage/2017/10/file-example_PDF_1MB.pdf"

The files are hosted on a web server (example "file-examples.com") protected by CloudFlare reverse proxy/WAF. Before the file download starts the CloudFlare system is sending a challenge script and not the actual PDF file.

The Votiro scanner tries to scan the script file (as mime type application/x-zstd) but cannot complete the analysis. The whole true PDF file is served only in the case that the sent CloudFlare script challenge ("are you a human?") is passed.

Test Votiro while matching WI inspect policies with a different web-server that is not behind a CloudFlare reverse proxy, alternatively engage the web-server owner asking to allow requests from "Web Isolation Cloud Egress IP Addresses", or if the domain is a trusted source bypass it from Votiro scanning