Overview MetaDefender Sandbox API Reference Release Notes
Getting Started
Deployment & Usage
Support
Configuration
2.1.0
Search this version
Configuration
Configuration
Architectural Overview
Features
Title
Message
Create new category
What is the title of your new category?
Edit page index title
What is the title of the page index?
Edit category
What is the new title of your category?
Edit link
What is the new title and URL of your link?
Basic Features
Copy Markdown
Open in ChatGPT
Open in Claude
Step #1 - Open /home/sandbox/sandbox/transform.cfg in a text editor
Step #2 - Modify the configuration by adding or modifying the properties on this page
Step #3 - Save the file and restart the sandbox service
Second Stage Malware Detection
Enable file downloads to detect 2nd stage malware downloaded from the Internet
transform.cfg
runFileDownloaders=truerunFileDownloaderDistributedTimeoutMs=60000fileDownloaderMaxFileDownloads=10| Property name | Default value | Description |
|---|---|---|
| runFileDownloaders | true | Main switch to enable file downloads |
| runFileDownloaderDistributedTimeoutMs | 1 minute | Execution timeout |
| fileDownloaderMaxFileDownloads | 10 | Download limit, '0' means no limit. |
Malware Config Extraction
Enable malware config extraction
transform.cfg
malwareConfigExtractionEnabled=truemalwareConfigExtractionMaxInputFileSize=100| Property name | Default value | Description |
|---|---|---|
| malwareConfigExtractionEnabled | true | Switch to enable / disable malware config extraction |
| malwareConfigExtractionMaxInputFileSize | 100 MB | File size limit |
Certificate Extraction
Enable certificate extraction for executable files and PDF documents
transform.cfg
extractCertificates=trueosslExecutionTimeout=30| Property name | Default value | Description |
|---|---|---|
| extractCertificates | true | Switch do enable / disable certificate extraction |
| osslExecutionTimeout | 30 seconds | Execution timeout |
YARA
Enable YARA rule matching
transform.cfg
runYaraRulesOnInputFile=truerunYaraRulesOnExtractedFiles=trueyaraExecutionTimeout=30runYaraRulesOnInputFileMaxFileSizeInMb=100| Property name | Default value | Description |
|---|---|---|
| runYaraRulesOnInputFile | true | Switch to enable / disable YARA rule matching |
| runYaraRulesOnExtractedFiles | true | Execute YARA also on extracted files |
| yaraExecutionTimeout | 30 seconds | Execution timeout |
| runYaraRulesOnInputFileMaxFileSizeInMb | 100 MB | File size limit, '0' means no limit |
Image Text Extraction (OCR)
Enable text extraction from images
transform.cfg
runTesseractOCRForImages=truetesseractExecutionTimeout=10tesseractLimitPerTransform=5| Property name | Default value | Description |
|---|---|---|
| runTesseractOCRForImages | true | Switch to enable / disable OCR |
| tesseractExecutionTimeout | 10 seconds | Execution timeout |
| tesseractLimitPerTransform | 5 | Limit: number of images to process |
QR Code Scan
Enable QR code scan for images
transform.cfg
runQRCodeScanForImages=trueqrCodeScanLimitPerTransform=20| Property name | Default value | Description |
|---|---|---|
| runQRCodeScanForImages | true | Switch to enable / disable QR code scanning |
| qrCodeScanLimitPerTransform | 20 | Limit: number of images to process |
Text Metrics
transform.cfg
generateTextMetrics=truegenerateTextMetricsNGramSize=5generateTextMetricsIncludeTopNGrams=20Enable text metrics generation like entropy, average word size, etc.
| Property name | Default value | Description |
|---|---|---|
| generateTextMetrics | true | Enable / disable text metrics generation |
| generateTextMetricsNGramSize | 5 | Size of collected ngrams |
| generateTextMetricsIncludeTopNGrams | 20 | Number of considered ngrams |
Visualization
Enable image rendering of input file (file preview pages)
transform.cfg
runFileVisualizer=truerunFileVisualizerDistributedTimeoutMs=10000| Property name | Default value | Description |
|---|---|---|
| runFileVisualizer | true | Switch to enable / disable visualization |
| runFileVisualizerDistributedTimeoutMs | 10 seconds | Execution timeout |
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Last updated on
Was this page helpful?
Next to read:
Static AnalysisSee the "Technical Datasheet" for a complete list of features: https://docs.opswat.com/filescan/datasheet/technical-datasheet
Discard Changes
Do you want to discard your current changes and overwrite with the template?
Archive Synced Block
Message
Create new Template
What is this template's title?
Delete Template
Message
