Metascan®

Features

Every organization has unique needs for scanning performance, customization and management. Metascan’s many features enable powerful multi-scanning for any environment.

Metascan packages include licensed built-in engines, saving you the hassle of sourcing and managing licenses from multiple vendors; you only need to manage your Metascan license. Choose a package with 4, 8, 12, or 16 engines, and add additional engines if desired. To learn more about the engines available with Metascan, please view the Metascan package options.

Evaluate Metascan

All Metascan packages and implementations include the following features:

  • Management station: For implementations using multiple installations of OPSWAT’s multi-scanning technology, the Metascan management station provides a centralized console for managing compliance and configuration. Details and screenshots»
  • Post actions: Metascan allows you to specify post-scan file handling by result, file type and more. Examples of custom post actions»
  • Custom engines: Metascan supports the integration of customer created scanning engines, allowing you to implement your own scanning logic or a solution for data loss prevention. Possible implementations»
  • Web interface: Create your own in-house version of Metascan-online.com using the web interface available with all Metascan packages. Learn more»

Additional features include:

  • High performance and scalability by optimizing scans
    • Single pass archive extraction
    • Simultaneous scans by all engines
    • File queue management
    • Integrated RAM drive for speed and to protect confidential data in the event of a reboot during scan [all RAM data is purged]
  • Ability to schedule automatic signature updates for built-in engines
  • Easy manual update process for isolated networks
  • Scanning of files, folders, and drives
  • Boot sector scanning
  • Ability to analyze hundreds of different file types
  • Ability to extract numerous different archive types
  • Option to quarantine or delete infected files
  • Customizable scan result hash caching
  • Support for integration with MS SQL Server or PostgreSQL; locally or on a remote server
  • Support for RESTful Web API
  • Intuitive Microsoft Management Console
  • Easy evaluation and licensing
  • Easy integration to threat detection and response solutions such as Silicium/RSA ECAT
  • Easy integration to a mail relay for scanning emails and attachments using Metascan
  • Easy integration to proxy servers such as Squid using ICAP. Click here to watch the Metascan ICAP Server webinar.

 

Sample Projects Visual C/C++, Visual Basic, .NET, C#, ASP.NET, PHP, JAVA
Interfaces Simple COM interface (TLB files available)
JAVA interface
Command line interface
RESTful Web interface
ICAP interface
Supported Operating Systems* Windows Vista, Windows 7, Windows 8, Windows Server 2003, Windows Server 2008, Windows 2008 R2, Windows 2012
* Supports both 32 bit and 64 bit OS
Supported File Types ANI, ARJ, CAD, AVI, BMP, DataZfile, Doc, EPS, EXE, Font_Type1, Gif, GZip, ICO, IS_Uninst, CAB, Jar, JavaClass, JPEG, LHA, MDB, Mp3, MPEG, Hlp, WMF,MIME, MsLibrary, LNK, DB, OBJ, XML, PCX, PDF, PIF, PKLite, PNG, QTMovie, SFXexe, RAR, RIF, TAR, Txt, Tiff, TNEF, TTF, Unicode, UnixComprs, Visio, WMV, WAV, XLS, Xara, Zip, Zoo, ISO, NSIS, MSI, Office 2007 and 2010 documents, and many other file types
Supported Archive Types zip, rar, tar, jar, lha, gzip, bzip, arj, iso, sfx, and many others

The Metascan management station (alpha release) provides an easy way to track and manage multiple instances of Metascan, Metadefender or Metascan Client within your network. With a simple, clear interface, the management station is a centralized console for:

Management StationCompliance Information Monitoring

  • View the list of managed engines on each installation
  • View the license status for each managed engine
  • View the update status for each managed engine

Configuration Adjustments

  • Change scan settings
  • Create scripts for clean/infected file handling
  • Set archive handling
  • Manage update frequency
  • Enable file hash caching and reset interval
  • Configure databases for logging
  • And other available settings

Update Management

  • Push offline updates to each managed product
  • Configure automatic updates interval and timeout

Additional features are coming soon! If you have questions regarding the Metascan management station and the planned features, please contact sales@opswat.com.

Current multi-scanning customers can access the Metascan management station software through their account on the OPSWAT Portal.

 

Evaluate Metascan

When implementing your multi-scanning solution, utilize Metascan’s customizable post-actions to designate specific handling for files after they are scanned.

Evaluate Metascan

Possible post actions through Metascan include:

  • Upload clean files to an FTP server
  • Convert files to a standard format e.g. convert all Word documents to PDF or all images to JPG
  • Send threat detections to a syslog server
  • Move clean and infected files to different folders
  • Upload files to a HFS - HTTP file server
  • Burn clean files to a CD
  • Print scan receipts with details
  • Send email alerts with scan results

Read more about implementing post actions in our knowledge base.

Metascan offers powerful scanning using multiple commercial antivirus engines, but one of its unique strengths is the ability to integrate your own custom engines. Using this feature of Metascan, you can greatly extend the capabilities of your multi-scanning solution to perform additional scanning alongside your antivirus engines.

Evaluate Metascan

Possible custom engines include:

  • Data loss prevention: Allow Metascan to control the flow of data out of your organization by implementing a custom DLP engine. An effective scanning solution can be easily created by coding logic to search files for specified keywords, such as “confidential”, or for specific strings of data, such as social security numbers or credit card numbers. By integrating this type of custom engine, Metascan can report files as suspicious if the sensitive keyword or data is present.
  • Custom antivirus engines: Utilize your own command line scanners as part of Metascan
  • Custom scanning logic: Create your own scanning logic and integrate it into Metascan

Sample code for integrating custom engines is available in our knowledge base.

All Metascan packages provide the ability to implement an in-house file scanning solution, like our Metascan Online demo, given certain technical requirements. Use the web interface feature to create a complete, static file scanning solution suitable for malware analysis in off-line or locked-down environments.

File analysis via a web interface allows anyone with a web browser in your network to quickly determine the status of a file (clean or infected) as well as the particular threat identified (class of malware, name, engines that detected the threat).

The web interface provides:

  • Standards-compliant web interface
  • Custom reports via downloadable .CSV files
  • Integrated file browser, as shown in the lower right screenshot
  • Permanent URL for each file for rapid referencing of previously scanned files
  • Ability to search via threat name, MD5 or SHA1 hashes

Additional Information:

For a free online demo of multiple engine malware scanning of files, please visit metascan-online.com.

For a full demonstration and licensing information, please contact sales@opswat.com.

Metascan Web Interface Scan Results
Metascan Web Interface File Browser