Technical Datasheet
The purpose of this page is to provide questions and responses that may be used as part of an RFP process. It is a more complete version of OPSWAT_FileScan_Datasheet.pdf, going into more technical detail where needed.
Category | Feature | OPSWAT Filescan Compliance |
---|---|---|
Requirements | Hardware Requirements | Minimum requirements (on premise):
Note: if the customer requires more than 25,000 scans/day, a custom multi-server setup is necessary and must be scoped with the engineering team. Because of its low resource requirements and cloud-native design, OPSWAT Filescan does not require nested VMs: its proprietary virtualization technology runs directly on the host system. More information available: Throughput / Hardware Requirements. |
Minimum Cloud Requirements | AWS:
| |
Performance | System performance | 25,000 scans/day is the peak throughput for a single-server deployment, which corresponds to roughly 1,000 scans/hour. Higher throughput is possible but requires a multi-server setup. |
Average Processing Time | The average processing time per scan is ~20 seconds. In production it is currently ~12 seconds per scan, but this varies widely with the input mix. | |
Supported file types | A side-by-side comparison, including dynamic analysis coverage, is available at: Supported File Types. Files: APK, ASF, BAT, DLL, DOC, DOCM, DOCX, DOT, DOTM, DOTX, ELF, EML, HTA, HTML, HWP, Java, JScript, JSE, LNK, MBOX, OLE, PDF, PE, POT, POTM, POTX, PowerShell, PPAM, PPSX, PPT, PPTM, PPTX, PUB, RFC822, RTF, SCT, SVG, VBScript, WSF, XLS, XLSM, XLSX, XLTM, XLTX. Note: the default maximum file size is 100 MB per upload, but this can be configured (on premise only). Note #2: the MIME type is detected automatically from the file content, regardless of the provided file suffix. | |
Archives Supported | 7Z, ACE, BZIP2, CAB, GTAR, GZIP, LZIP, ISO, RAR, TAR, ZIP More information available: Supported File Types. | |
Maximum File Size | Default in 1.6.3: 100MB Default in 1.7.0: 2000MB Note: all file size limits can be configured | |
Maximum parallel uploads (part of an archive) | Default in 1.6.3: 5 Default in 1.7.0: 1000 executables, 10 documents, 10 other | |
Integrations | API |
|
YARA |
| |
SIEM |
| |
MITRE | All proprietary generic threat indicators are mapped to the appropriate MITRE ATT&CK tactic and technique (if applicable) | |
OSINT |
| |
MD Core | Filescan is also available as part of an integration with MD Core. More details: MD Core Engine | |
Reporting | Report Formats | The following report formats are available and exportable via the UX or API:
|
Threat Intelligence | Search | OPSWAT Filescan includes a threat graph and extensive search capabilities (e.g. a prevalence search that identifies other reports sharing the same IOCs within a specified time frame). Example: Advanced Search / Examples |
Storage | On premise: data is stored locally within the on-premise instance and is not shared with third parties. Cloud: data is stored within the managed instance and is not shared with third parties. | |
Deployment and Maintenance | Deployment | The deployment is fully automated and takes about 45-60 minutes depending on internet connectivity. See the Installation section for details. Note: the solution can be operated in an air-gapped environment; for air-gapped deployments an OVF (VMware) image is available as a software appliance. |
Retention | The administrator can configure a retention period (in days). Once the retention period for a report has elapsed, all files stored in relation to that report are deleted. Whether the report itself is also deleted from the system is configurable. By default, retention is turned off, the retention period is set to 365 days, and report deletion is off. | |
Capability | Zero-Day / Unknown Malware Detection | Thanks to its "adaptive dynamic analysis" technology, which manipulates control flow so that environment and conditional checks (e.g. geofencing, anti-analysis) are always satisfied, OPSWAT Filescan excels at detecting zero-day malware and extracting threat intelligence data (e.g. IOCs). Examples are posted regularly on the official Filescan Twitter account. |
Memory Dump Analysis | Yes, memory dump analysis is supported, but only for the initial process. For PEs, the following unpackers are supported:
The unpacked payload is then disassembled and all code branches are inspected for API call chains and threat indicators. | |
Sleep Reduction / Anti-Evasion | Both are supported. Sleep reduction is implemented within the dynamic analysis modules; anti-evasion is implemented through adaptive dynamic analysis (see above). | |
Licensing | OEM | Yes, OEM licensing and custom logos are supported. Please get in touch with Chad Loeven and his team for details. |
Enterprise | All OPSWAT Filescan SKUs are already available and can be quoted via SFDC. | |
Evaluation | POC | Cloud: filescan.io |
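
The Supported file types row notes that the MIME type is detected from the file content regardless of the supplied suffix, and the Maximum File Size row gives the per-upload limit. A submitter-side integration should mirror both checks before sending samples, and a suffix that disagrees with the content is itself worth alerting on (a renamed executable is a classic lure). The following is an added example written for this page; it is not OPSWAT Filescan code and not its API. It sniffs a handful of the listed formats by their leading bytes, resolves the ZIP container family (DOCX/XLSX/PPTX/APK) by member names, and flags suffix/content mismatches and oversize uploads. The signature table, the suffix map and the sample blobs are constructed for illustration.

```python
"""Added example, not OPSWAT Filescan code: identify a submission's real type from
its leading bytes (the supplied suffix is ignored, as the datasheet says the
sandbox does), resolve the ZIP container family by member names, and enforce the
per-upload size limit before submitting."""
import io
import zipfile

# Well-known leading-byte signatures for a few of the types listed on this page.
MAGIC = {
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE",  # legacy DOC/XLS/PPT
    b"7z\xbc\xaf\x27\x1c": "7Z",
    b"Rar!\x1a\x07": "RAR",
    b"\x7fELF": "ELF",
    b"%PDF": "PDF",
    b"{\\rtf": "RTF",
    b"PK\x03\x04": "ZIP",  # also DOCX/XLSX/PPTX/APK, see _classify_zip
    b"MZ": "PE",
}

# Expected content type for a suffix; used only to report a suffix/content mismatch.
EXT_TO_TYPE = {
    "EXE": "PE", "DLL": "PE", "SCR": "PE", "SO": "ELF", "PDF": "PDF", "RTF": "RTF",
    "DOC": "OLE", "XLS": "OLE", "PPT": "OLE", "DOCX": "DOCX", "XLSX": "XLSX",
    "PPTX": "PPTX", "APK": "APK", "ZIP": "ZIP", "RAR": "RAR", "7Z": "7Z",
}


def _classify_zip(data: bytes) -> str:
    """Office Open XML and APK files are ZIP containers; tell them apart by members."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return "ZIP"  # signature matched but archive is damaged; still a ZIP submission
    if "AndroidManifest.xml" in names:
        return "APK"
    if "[Content_Types].xml" in names:
        for prefix, kind in (("word/", "DOCX"), ("xl/", "XLSX"), ("ppt/", "PPTX")):
            if any(n.startswith(prefix) for n in names):
                return kind
    return "ZIP"


def detect_type(data: bytes) -> str:
    """Type label derived from content only; the filename is never consulted."""
    for sig, kind in MAGIC.items():
        if data.startswith(sig):
            return _classify_zip(data) if kind == "ZIP" else kind
    return "UNKNOWN"


def check_upload(filename: str, data: bytes, max_bytes: int = 100 * 1024 * 1024) -> dict:
    """Gate one upload: size limit (100 MB default, per the datasheet) and suffix check."""
    detected = detect_type(data)
    suffix = filename.rsplit(".", 1)[-1].upper() if "." in filename else ""
    expected = EXT_TO_TYPE.get(suffix)
    return {
        "detected": detected,
        "suffix": suffix,
        # A mismatch is not a rejection (the sandbox scans on content anyway),
        # but it is worth alerting on: renamed executables are a classic lure.
        "mismatch": expected is not None and expected != detected,
        "too_large": len(data) > max_bytes,
    }


def _fake_docx() -> bytes:
    """Constructed minimal Office Open XML container (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


# Constructed samples: a renamed executable, a renamed DOCX, and an honest PDF.
SAMPLES = {
    "quarterly_report.pdf": b"MZ" + b"\x00" * 62,
    "invoice.pdf": _fake_docx(),
    "whitepaper.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, check_upload(name, blob))
```

The container check matters because the listed Office Open XML types and APK all start with the same ZIP signature; a detector that stops at the first four bytes would label every DOCX as a plain archive. Raise `max_bytes` to match whatever limit has been configured on the instance (2000 MB by default from 1.7.0).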
Single-Server Deployment Architecture

More information in the OPSWAT Product documentation (User Guide).
Multi-Server Setup
