MetaDefender Configuration

Linux

The configuration file for the server is located in /etc/ometascan/ometascan.conf

After modifying the server configuration file you must restart the MetaDefender Core service in order for the changes to take effect. You should use the distribution-standard way to restart the service.

[global] section

parameter | required | description
restaddress | required

IP address of the computer that runs MetaDefender Core to serve REST API and web user interface (* means listening on all interfaces, including IP version 4 and 6).

If IP version 6 is not enabled on the system, change it to 0.0.0.0 to limit it to IP version 4 only.

Default value: *

restport | required

Designated port number for the web management console and REST interface.

Default value: 8008

report_engine_issue | optional

Enable reporting of engine issue count. (possible values: "true" or "false")

Default value: true

dlppath | optional

Directory for DLP-processed database and items.

Default value: [Data directory]/dlp

quarantinepath | optional

Directory for quarantine database and quarantined items.

Default value: [Data directory]/quarantine

sanitizepath | optional

Directory for sanitized database and sanitized items.

Default value: [Data directory]/sanitized

dbmode | optional

Support database mode, possible values:

  • 0: Not used for now, reserved
  • 1: Standalone Core (default)
  • 2: Core instance in Cluster deployment
  • 3: Non-persistent mode (Core will not write any scan result into database, client must use webhook scanning fashion to retrieve scan result)
  • 4: Shared database model (all Core instances will share the same database)

After changing this value, a Core service restart is required for it to take effect. Only available starting with MetaDefender Core 4.19.2.

tempdirectory | optional

Full path of a directory to use for storing temporary files rather than using their default directories: /var/tmp/ and /tmp

Users need to prepare this directory in advance.

MetaDefender Core creates subfolders called ometascan and ometascan/resources in the directory.

Default: /var/tmp/ometascan/resources/

tempdirectory_create_timeout | optional

Maximum time allowed for MetaDefender Core to access the device and create the temporary folder on it.

[logger] section

From version 5.15.1, MetaDefender Core (MD Core) allows configuring log file and syslog settings via the MD Core UI or API endpoints (Advanced Log Configurations). Therefore, the configurations here will be overridden if they conflict with the configurations for the log file or syslog set through the MD Core UI or API endpoints.

key | required | description
logfile | optional

Full path of a logfile to write log messages to.

Default value: /var/log/ometascan/ometascan.log

loglevel | optional

Level of logging. Supported values are: debug, info, warning, error.

Default value: info

log_rotation | optional

Set this key only when the logfile key is also set. Supported values:

  • 0: No logs are rotated, except for the NGINX log.
  • 1 (default mode): log rotation is enabled:
    • Rotation is performed every day or when the file size reaches 1GB.
    • At most 30 rotated log files are stored; the oldest log is deleted when the number of files reaches the limit.
    • Rotated log name format: <logname>-<yyyyMMdd>.gz (e.g.: core.log-20200330.gz), all saved in the same location as set in logfile.
    • All generated log packages are included in the MetaDefender Core support package.

syslog | optional

Switches on logging to a local ('local') or remote ('protocol://<hostname>:<port>') syslog server (multiple servers can be specified, separated by commas).

syslog_level | optional

Level of logging. Supported values are: debug, info, warning, error.
local_timezone | optional

Set local timezone for events sent to the local syslog server.

Default value: false

override | optional

Override specific log ids to display them on another level e.g.: "1723:error,663:info"

If there is no level set for an id, it will be displayed on every occasion. e.g.: "1723,663:info" means id 1723 dump message will be displayed every time and id 663 warning message is reduced to info level.

cef | optional

If true, the log format is Common Event Format.

Default value: false

nginx_logfile | optional

File name and path to store the NGINX logs. If this value is changed, /etc/logrotate.d/ometascan should be changed accordingly.

Default value: /var/log/ometascan/nginx-ometascan.log

Set both syslog and syslog_level, or neither of them.

Set both logfile and loglevel, or neither of them.

[internal] section

key | required | description
db_connection | optional

Defines the maximum number of concurrent connections MetaDefender Core is allowed to open to the PostgreSQL database server. Only available starting with MetaDefender Core 4.19.1.

Default value: 10

data_directory | optional

Full path for MD Core’s data (database, updates etc.) E.g. /var/lib/ometascan/test

Default value: /var/lib/ometascan

skip_upgrade_scan_data | optional

When enabled (set to 1), upgrading MetaDefender Core automatically skips migrating processing history data, which is usually large (only configurations and audit history are migrated).

This setting saves upgrade time when users do not need to migrate the entire scan data.

Default value: 0

parallelcount | optional

Sets the maximum number of threads (files) sent to an engine at the same time, applicable to all engines.

Default value: 20

Exceptions:

  • Archive engine (extraction): default = -1 (unlimited)
  • Archive engine (compression): default = 20
  • Proactive DLP engine: default = 5
  • Sandbox engine: default = 5

parallelcount_<enginename> | optional

<enginename> is the first part of the engine id; all engine ids can be found in <MD Core folder>\data\updates\metadescriptor

For example:

engine id: symantec_1_windows
<enginename> = symantec

Some common use-cases:

  • ds (parallelcount_ds): Deep CDR engine. By default, parallelcount_ds = 20
  • 7z (parallelcount_7z): Archive engine, applicable to archive extraction only. By default, parallelcount_7z = -1 (unlimited threads)
    • 7z_extract (parallelcount_7z_extract): Archive engine, extraction only. By default, parallelcount_7z_extract = -1 (unlimited threads)
    • 7z_compress (parallelcount_7z_compress) : Archive engine, compression only for archive sanitization. By default, parallelcount_7z_compress = 20

next_extraction_polling_interval | optional

Fine-tuning this interval within the range of 100-200 ms may help stabilize performance and processing time when dealing with small archive files or office document files under high load.

If this polling interval is set out of range (invalid number, < 100, or > 1000), the application cannot start, and an exception is written to the system event log.

Default value: 1000
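
The constraints stated above for ometascan.conf can be checked before the service is restarted. The following Python linter is an added example, not OPSWAT code; it assumes the file uses INI-style key=value lines under the [global], [logger] and [internal] headers, and the sample configuration (including its syslog host) is constructed.

```python
import configparser

LEVELS = {"debug", "info", "warning", "error"}
# Constructed sample config; INI key=value syntax is an assumption.
SAMPLE = """\
[global]
restaddress=*
restport=8008
dbmode=5
[logger]
logfile=/var/log/ometascan/ometascan.log
syslog=udp://siem.example.internal:514
syslog_level=verbose
[internal]
next_extraction_polling_interval=50
"""

def lint(text):
    """Return a list of findings for the rules stated on this page."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    g = cp["global"] if cp.has_section("global") else {}
    lg = cp["logger"] if cp.has_section("logger") else {}
    it = cp["internal"] if cp.has_section("internal") else {}
    out = []
    for key in ("restaddress", "restport"):          # the two required keys
        if key not in g:
            out.append(f"global.{key}: required key missing")
    if g.get("restaddress") in ("*", "0.0.0.0"):     # 0.0.0.0 = every IPv4 interface
        out.append("global.restaddress: REST API and web UI listen on all interfaces")
    if "dbmode" in g and g["dbmode"] not in {"1", "2", "3", "4"}:
        out.append("global.dbmode: expected 1-4 (0 is reserved)")
    for a, b in (("logfile", "loglevel"), ("syslog", "syslog_level")):
        if (a in lg) != (b in lg):                   # set both, or neither
            out.append(f"logger: set both {a} and {b}, or neither")
    for key in ("loglevel", "syslog_level"):
        if key in lg and lg[key] not in LEVELS:
            out.append(f"logger.{key}: unsupported level {lg[key]!r}")
    iv = it.get("next_extraction_polling_interval")
    if iv is not None and not (iv.isdigit() and 100 <= int(iv) <= 1000):
        out.append("internal.next_extraction_polling_interval: outside 100-1000, Core cannot start")
    return out

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

The restaddress finding is informational: the default value * is valid, but it exposes the management console and REST API on every interface of the host.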

Windows

The configuration for the server is located in Windows Registry: HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metascan\

After modifying the server configuration file you must restart the MetaDefender Core service in order for the changes to take effect.

Global

HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metascan\global

parameter | type | required | description
restaddress | string value | required

IP address of the computer that runs MetaDefender Core to serve REST API and web user interface (* means listening on all interfaces, including IP version 4 and 6).

If IP version 6 is not enabled on the system, change it to 0.0.0.0 to limit it to IP version 4 only.

Default value: *

restport | string value | required

Designated port number for the web and REST interface.

Default value: 8008

report_engine_issue | string value | optional

Enable reporting of engine issue count. (possible values: "true" or "false").

Default value: true

dlppath | string value | optional

Directory for DLP-processed database and items.

Default value: [installdir]\data\dlp

quarantinepath | string value | optional

Directory for quarantine database and quarantined items.

Default value: [installdir]\data\quarantine

sanitizepath | string value | optional

Directory for sanitized database and sanitized items.

Default value: [installdir]\data\sanitized

dbmode | string value | optional

Support database mode, possible values:

  • 0: Not used for now, reserved
  • 1: Standalone Core (default)
  • 2: Core instance in Cluster deployment
  • 3: Non-persistent mode (Core will not write any scan result into database, client must use webhook scanning fashion to retrieve scan result)
  • 4: Shared database model (all Core instances will share the same database)

After changing this value, a Core service restart is required for it to take effect. Only available starting with MetaDefender Core 4.19.2.

tempdirectory | string value | optional

Full path of a directory to use for storing temporary files.

Users need to prepare this directory in advance.

MetaDefender Core creates a subfolder called resources in this folder.

Default: <installation directory>\data\resources

tempdirectory_create_timeout | string value | optional

Maximum time allowed for MetaDefender Core to access the device and create the temporary folder on it.

Logger

HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metascan\logger

From version 5.15.1, MetaDefender Core (MD Core) allows configuring log file and syslog settings via the MD Core UI or API endpoints (Advanced Log Configurations). Therefore, the configurations here will be overridden if they conflict with the configurations for the log file or syslog set through the MD Core UI or API endpoints.

Event Viewer logging can only be configured in the registry.

key | type | required | description
logfile | string value | optional

Location of a logfile to write log messages to.

loglevel | string value | optional

Level of logging. Supported values are: debug, info, warning, error.

This key must be set when the logfile key is set.

log_rotation | string value | optional

This setting is applicable on Windows only (on Linux, we use built-in OS log rotation). Set this key only when the logfile key is also set. Supported values:

  • 0: Core logs are not rotated.
  • 1 (default mode): log rotation is enabled:
    • Rotation is performed every day or when the file size reaches 1GB.
    • At most 30 rotated log files are stored; the oldest log is deleted when the number of files reaches the limit.
    • Rotated log name format: <logname>-<yyyyMMdd>.gz (e.g.: core.log-20200330.gz), all saved in the same location as set in logfile.
    • All generated log packages are included in the MetaDefender Core support package.

wineventlog_level | string value | optional

Level of event viewer logging. Supported values are: debug, info, warning, error.

Default value: info

syslog | string value | optional

Value can only be in the form of 'protocol://<hostname>:<port>' (multiple servers can be specified, separated by commas).

syslog_level | string value | optional

Level of logging. Supported values are: debug, info, warning, error. This key must be set when the syslog key is set.

local_timezone | string value | optional

Set local timezone for events sent to the local syslog server.

Default value: false

override | string value | optional

Override specific log ids to display them on another level e.g.: "1723:error,663:info".

If there is no level set for an id, it will be displayed on every occasion. e.g.: "1723,663:info" means id 1723 dump message will be displayed every time and id 663 warning message is reduced to info level.

cef | string value | optional

If true, the log format is Common Event Format.

Default value: false

nginx_logfile | string value | optional

File name and path to store the NGINX logs.

Default value: [installdir]\nginx\nginx.log

nginx_log_rotation | string value | optional

This setting is applicable on Windows only (on Linux, we use built-in OS log rotation). Set this key only when the nginx_logfile key is also set. Supported values:

  • 0: Nginx logs are not rotated.
  • 1 (default): log rotation is enabled:
    • Rotation is performed every day, regardless of file size.
    • At most 30 rotated log files are stored; the oldest log is deleted when the number of files reaches the limit.
    • Rotated log name format: <logname>-<yyyyMMdd>.gz (e.g.: nginxlog.log-20200330.gz), all saved in the same location as set in nginx_logfile.
    • All generated log packages are included in the MetaDefender Core support package.

Set both syslog and syslog_level, or neither of them.

Set both logfile and loglevel, or neither of them.

Internal

HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metascan\internal

key | type | required | description
db_connection | string value | optional

Defines the maximum number of concurrent connections MetaDefender Core is allowed to open to the PostgreSQL database server. Only available since MetaDefender Core 4.19.1.

Default value: 10

data_directory | string value | optional

Full path for MD Core’s data (database, updates etc.) E.g. D:\custom_path

Default value: <MD Core installation folder>\data

skip_upgrade_scan_data | string value | optional

When enabled (set to 1), upgrading MetaDefender Core automatically skips migrating processing history data, which is usually large (only configurations and audit history are migrated).

This setting saves upgrade time when users do not need to migrate the entire scan data.

Default value: 0

parallelcount | string value | optional

Sets the maximum number of threads (files) sent to an engine at the same time, applicable to all engines.

Default value: 20

Exceptions:

  • Archive engine (extraction): default = -1 (unlimited)
  • Archive engine (compression): default = 20
  • Proactive DLP engine: default = 5
  • Sandbox engine: default = 5

parallelcount_<enginename> | string value | optional

<enginename> is the first part of the engine id; all engine ids can be found in <MD Core folder>\data\updates\metadescriptor

For example:

engine id: symantec_1_windows
<enginename> = symantec

Some common use-cases:

  • ds (parallelcount_ds): Deep CDR engine. By default, parallelcount_ds = 20
  • 7z (parallelcount_7z): Archive engine, applicable to archive extraction only. By default, parallelcount_7z = -1 (unlimited threads)
    • 7z_extract (parallelcount_7z_extract): Archive engine, extraction only. By default, parallelcount_7z_extract = -1 (unlimited threads)
    • 7z_compress (parallelcount_7z_compress) : Archive engine, compression only for archive sanitization. By default, parallelcount_7z_compress = 20

next_extraction_polling_interval | string value | optional

Fine-tuning this interval within the range of 100-200 ms may help stabilize performance and processing time when dealing with small archive files or office document files under high load.

If this polling interval is set out of range (invalid number, < 100, or > 1000), the application cannot start, and an exception is written to the system event log.

Default value: 1000
