MetaDefender Core continuously optimizes product efficiency, reliability, and scalability for users. Version 5.6.0 brings in new features to prioritize workflow rules, improve Quality of Service (QoS), and reduce bottlenecks for callback responses. This update also includes improvements to the UI, Sandbox engine, and other advancements to enrich the user experience.
Product Overview
OPSWAT MetaDefender Core helps organizations secure web portals from malicious file upload attacks, augment cybersecurity products, and develop their own malware analysis systems.
MetaDefender Core leverages OPSWAT proprietary technologies—including Deep Content Disarm and Reconstruction (Deep CDR), Multiscanning, File-Based Vulnerability Assessment, Data Loss Prevention, and Threat Intelligence—to provide comprehensive protection for your networks and infrastructure against increasingly sophisticated file-borne threats.
Release Highlights
Improve Quality of Service with Workflow Rule Prioritization
Customers managing multiple workflow rules can now define priorities to determine the processing order for scan requests. This allows them to configure their scanning workflow rules based on their specific technical and business requirements.
This feature improves the control and efficiency of file processing. By assigning priorities ranging from very high to very low, MetaDefender Core will process the scan requests based on these pre-defined priorities.
This feature improves the control and efficiency of file processing. By assigning priorities ranging from very high to very low, MetaDefender Core will process the scan requests based on these pre-defined priorities.
All scan requests, when submitted, will go through the Lobby or Global Queue. The engines in MetaDefender Core classify these requests and group them into certain queues for processing
Time Availability for Workflow
Customers can define specific time windows during which scan requests tied to certain workflows will be accepted.
By configuring the availability of each workflow rule on the server side, customers can easily reject requests that fall outside of business hours or predefined time constraints. This feature improves efficiency by simplifying and streamlining workflow management. You can find this new setting under the General workflow tab.
Global Processing
MetaDefender Core provides a global processing timeout that applies to every scan request.
This enables customers to control the Service Level Agreement (SLA) for each scan request. If a scan request exceeds the global processing timeout, it will be blocked and labeled as "Global timeout exceeded." Customers can configure the global processing timeout at Workflow Management > Workflows > Global Timeout.
Improve Scalability with Scan Throttling for Webhook
In response to the issue of congestion caused by a high volume of scan requests in MetaDefender Core, version 5.6.0 introduces a solution known as the throttling option for scanning webhook.
To better understand this, think of MetaDefender Core as a stadium with tens of thousands of people, all waiting to enter through one entrance. When a large number of scan requests are sent using webhook, it's like everyone trying to enter the stadium simultaneously. When each file scan is completed, MetaDefender Core will send a callback from to the server with the scan result. However, under high load, an unlimited number of callbacks may attempt to enter the queue simultaneously, resulting in congestion within the callback process.
To alleviate congestion and ensure smooth processing of scan results, the new throttling option for scanning webhook in MetaDefender Core effectively manages the flow of callbacks. Instead of having an unlimited number of callback slots in the queue, MetaDefender Core now divides the queue into multiple queues, with a configurable maximum slot number for each. If the number of callbacks exceeds the maximum slots, the excess callbacks will be sent to the waiting room until the next slot becomes available.
This enhancement helps maintain optimal performance even under heavy scan request loads, ultimately improving efficiency and reliability for users.
PostgreSQL Update
MetaDefender Core now supports PostgreSQL 14 (verified with 14.8). The bundled PostgreSQL server included with MetaDefender Core standalone deployments also comes with this new version.
Note: Upgrading from version 5.5.1 or older (using PostgreSQL 12) to version 5.6.0 (using PostgreSQL 14) requires running the MetaDefender Core installer with admin privileges to ensure successful database migration.
Allowlist by Vendor Filtration
This new feature enables users to create a filter on MetaDefender Core to add PE (Portable Executable) files and only allow files from trusted vendors into the allowlist. Users can also choose to block those PE files if they are not satisfied with the predefined conditions. This setting can be found under the Allowlist workflow tab.
While checking this option can improve file processing speed, OPSWAT recommends applying a zero-trust approach to all incoming files to prevent attacks that exploit digitally signed binaries.
Continuous Improvement for UI Accessibility
MetaDefender Core 5.6.0 addresses accessibility issues and improves the graphical user interface (GUI) for better accessibility readiness.
UI Scan Duration
Users now have the option to specify their preferred time format for scan duration to be displayed on the UI.
Filescan Improvement
- Renamed the "MetaDefender Sandbox" engine to "Sandbox"
- Added extraction_info to the scan result JSON of GET - Fetch analysis reports containing all files in archive
- Users can adjust the default enabled file types for Sandbox file processing under workflow:
- Remote Sandbox: all file types are selected by default.
- Local Sandbox: all file types except archive are selected by default.
Other Enhancements and Updates
Attach MetaDefender Core Information in Fetch Response
When enable MetaDefender Core using a new supported API endpoint, it will return the allowable server information (deployment ID, server IP address and port) in the scan result fetch response.
Display File Size and File Type During Processing
File size and type are now displayed on the processing result UI screen, even when the file is being processed or finished.
Sort History
The sorting feature in the processing history UI has been enhanced to allow sorting of the entire scan history across all pages. (Previously, only the current UI page allowed sorting on MetaDefender Core v5.5.1.)
Skip Sanitizing Empty Files
Users can find this new setting under the Deep CDR workflow tab. This option is disabled by default.
Release Details
Product: MetaDefender Core
Release Date: 14 July 2023
Release Notes: 5.6.0
Download Link on OPSWAT Portal: Download
