Release Notes for v1.9.3

Date: 26 March, 2024

Added:

  • Python Unpacking & Decompilation for PyInstaller, Nuitka, and py2exe
  • Extended the malware configuration extractor to support the Cobalt Strike malware family
  • Included disassembly of exported functions for Windows binaries
  • Threat indicator to flag when executable files have two different sections with the same section name
  • Extraction of VBA macro code from DWG files (shown as OLE Stream in File Details section)
  • Support for MITRE Att&ack technique mapping from Yara rule metadata
  • New DotnetInfo tab in the File Details section for .NET executables
  • Added the “auditor” role, which functions as a read-only admin role
  • MISP integration options in Admin Settings, see details at MISP
  • Added support for new Sandbox installations on Ubuntu 22.04 (it will be possible to upgrade the OS on older installations with the next major release coming later in 2024)

Changed:

  • Improved proxy handling and proxy related bug fixes, see configuration details at Proxy Usage
  • Enhanced script language detection using the guesslang library
  • Fine-tuned several threat indicators to reduce false positive ratio
  • Return "Unknown" verdict if no threat indicators are generated for URL and file submissions
  • Improved detection for phishing calendar invites
  • Enhanced recursive analysis of active content containers (email, Office documents, PDF, etc.)
  • Improved scan process for corrupt OLE2 documents
  • Return HTTP 429 responses to new scan requests when the scan queue is full
  • Long-running scans are cancelled after user-defined timeout
  • Show queue count statistics in Admin Panel/Statistics/Jobs/Scan Health
  • Enhanced system resilience by continuing interrupted scans after a queue restart
  • Improved URL rendering to bypass simple human verification check boxes (e.g. Cloudflare)

Fixed:

  • Resolved issues with license actions (deactivation, inconsistent states)
  • Fixed several issues with existing threat indicators (ELF binaries, URL extraction, EML)
  • Enhanced Application Security measures, especially for URL emulation
  • Invitation links should work even if the "Sign up" feature is disabled
  • Extended functional tests for the Webservice API and resolved potential runtime issues
  • Fixed simple search not working for tags, e.g. #html
  • URL preview should be displayed automatically on URL details page
  • Only execute Similarity Search if the original verdict matches the specified configuration
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Previous change logs

See the "Technical Datasheet" for a complete list of features: https://docs.opswat.com/filescan/datasheet/technical-datasheet

On This Page
Release Notes for v1.9.3