Scalability and efficiency are just as critical as security. OPSWAT MetaDefender ICAP Server v5.9.0 introduces upgrades for organizations handling high volumes of file traffic, while maintaining deep inspection and security control across the file lifecycle. From perimeter-based file type filtering to simplified troubleshooting and proactive monitoring, this release delivers the speed and security that modern enterprises demand.
In this release:
- Perimeter-Based File Type Verification: Verify files at scale without compromising efficiency
- New User Interface: Generate support packages with intuitive UI
- Proactive System Monitoring: Stay ahead of connectivity status with notifications and improved observability
- CIS Level 1 Support: Strengthen compliance for Linux environments
- Other feature refinements
Built for Scale: File Type Verification at the Network Edge
This feature transforms how organizations capture threats early while maintaining the performance needed for high-volume environments.
Multi-Layered Security, Efficiently and at Scale
For organizations processing large volumes of file downloads, this release introduces enterprise-grade file type verification at the ICAP Server level. This enables preliminary filtering before files are sent to MetaDefender Core for deep file content inspection.
Previously, without filtering at the ICAP level, every file regardless of risk or relevance was sent to MetaDefender Core for full security processing. This could overwhelm the file pipeline, causing bottlenecks and unnecessary scanning of low-risk files and processing delays during traffic surges.
Our new architecture integrates OPSWAT’s File Type Verification engine directly at the network perimeter. This allows flexible filtering of traffic so only relevant files (such as PDFs, Office documents, and executables) proceed to MetaDefender Core for in-depth scanning with other engines: Archive Extraction, MetaScan Multiscanning, Deep CDR, and more.
This approach also aligns with OWASP's recommendations to validate file types based on file structure rather than extensions or metadata alone, helping organizations balance between security and efficiency.
Key Capabilities
- Early identification and verification of file types before processing in MetaDefender Core.
- Customizable allowlists to let trusted file types (e.g., TXT, HTML, JSON, XML) bypass MetaDefender Core scanning (determined by user after risk evaluation), reducing deep inspection workload and boosting throughput.
- Simplifies file filtering configuration by offloading complex or missing proxy filtering tasks to MetaDefender ICAP Server.
File Type Filtering Use Cases
- High-Volume File Download Environments
This feature is especially beneficial in scenarios where organizations handle a large volume of file downloads, such as:
- Corporate environments with employees frequently downloading files from external sources
- Financial institutions with users accessing shared resources
- Public sector or defense agencies handling bulk document access
This use case is ideal for organizations that:
- Have strict SLAs around file download speed and availability
- Want to apply layered security where only high-risk file types receive full scans
- Need to maintain high throughput without compromising perimeter inspection
By introducing file type verification directly at the ICAP Server, known safe file types can be allowlisted and bypass further scanning, based on the preference and flexibility determined by the administrators. End-users can gain faster access to file downloads because of this optimized scanning workflow.
2. Multi-Part File Uploads to Web Application Portals
Another common challenge occurs in web applications where file uploads are submitted alongside form data. These applications may be misconfigured or not designed with security controls that allow proper filtering of uploaded files. In such cases, identifying and filtering files by type at the proxy level is often difficult or impossible, due to proxy’s limitations in filtering capabilities.
By filtering the file type at the perimeter, MetaDefender ICAP Server bridges this gap. Administrators can now create precise allowlists for file uploads, regardless of the proxy’s limitations. This capability reduces risk when immediate web app fixes or proxy upgrades are not feasible.
This use case is ideal for organizations that:
- Have web applications that send a combined file and form data in upload workflows
- Are unable to modify or reconfigure their proxy to securely filter by file type
- Need to enforce secure upload policies without relying on end-user behavior
- Want to adopt OWASP-aligned file upload practices for validating file content instead of just file extensions
Learn more about ICAP Security Use Cases.
Faster high-volume scanning
Offloading file type detection to an ICAP Server reduces MetaDefender Core bottlenecks, which helps accelerate file processing in demanding download scenarios.
Layered security
Focus rigorous, multi-layered scanning on high-risk files while allowing trusted types to pass quickly. This meets certain scenarios where speed and efficiency need to be balanced.
Proxy compatibility
Provides enterprise-grade file type filtering even when proxies lack such capabilities.
Compliance aligned
New User Interface for Generating and Downloading Support Packages
Troubleshooting just got easier. Previously available only via command line, support package generation can now be done directly through the MetaDefender ICAP Server’s user interface.
Highlights include:
- Generation and download of support packages without CLI access.
- Detailed package information including start time, duration, and status, and more.
- Simple management, including deletion of outdated packages and error reporting.
- Automatic cleanup of temporary files to keep the system tidy.
This streamlined GUI approach saves IT and security teams valuable time during critical troubleshooting.
Customizable Email Notifications for ICAP and MetaDefender Core Connectivity
Stay proactive with enhanced email alerting features. Network administrators can now tailor notifications related to MetaDefender Core and MetaDefender ICAP Server connectivity, including:
- Alerts when scan servers become unreachable
- Warnings for unhealthy or unreachable server profiles
- Disk space threshold notifications
- License expiration reminders
- Other configurations
Customize message content and scheduling to fit your operational needs, helping you avoid alert fatigue while staying informed of critical issues. Choose from default templates or create custom messages to ensure timely, relevant alerts to maintain your security infrastructure’s health.
CIS Level 1 Support for Linux
MetaDefender ICAP Server now supports CIS (Center for Internet Security) Level 1 benchmarks for Linux environments. This enhancement helps organizations harden their Linux deployments using industry-recognized best practices, strengthening defense against cyber threats while simplifying compliance efforts.
MetaDefender ICAP Server: File Security at the Network Perimeter
OPSWAT MetaDefender ICAP Server protects organizations against file-based cyberattacks at the network perimeter. Comprehensive, multi-layered security technologies detect and prevent malicious files as they pass through your load balancer, WAF (web application firewall), MFT (managed file transfer) solution, or any other ICAP-enabled network security device.
All suspicious files traveling through your network traffic are blocked or sanitized before they are accessible to end users to protect against evolving cyberthreats. Sensitive data is redacted, removed, or blocked to help organizations meet security compliance standards. Upgrade to our latest version or talk to our security experts to learn more about MetaDefender ICAP Server.
Release Details
- Product: MetaDefender ICAP Server
- Release Date: May 21, 2025
- Release Notes: 5.9.0
- Download from OPSWATTM Portal
For more information, talk to our cybersecurity experts.
