Release notes

New Features, Improvements and Enhancements

Brand New Technology: OPSWAT Alin

MetaDefender Core introduces a brand new technology called OPSWAT Alin that works alongside Metascan to improve threat detection depth and accuracy.

The new technology analyzes file structures, entropy patterns and semantic relationships using a domain-trained machine learning model to identify potentially harmful files earlier and with greater precision.

Revamped Processing Result Interface

As you can see above, our processing result interface has been redesigned to deliver clearer, more actionable insights, making it easier for administrators and support teams to interpret scan outcomes and take appropriate action.

We have also made it easier for users to know original file type and Deep CDR's converted destination type directly on the processing result screen.

Unified User Interface and Experience of Login and Guest Scan Screens

Login and Guest Scan screens have been unified across MetaDefender platform, bringing the similar feeling for customers of the platform.

Certificate Management Enhancements

Certificate management now allows administrators to upload certificates directly by content, simplifying secure configuration and compliance. You can now add or update certificates by directly uploading certificate content.

Support Package Enhancements

Support packages now include additional log types and process IDs, enabling users to select specific logs and set a maximum log size prior to generating.

Email Notification Enhancement

Email notifications have been improved to support batch aggregation and clearer messaging. This improves reporting efficiency for large-scale processing.

Support for Split Archive Files

MetaDefender Core now supports comprehensive scanning Split Archive file type.

The product accepts individual requests with split-archive parts sent via a new set of API endpoints, reassemble them, then extract and process nested files. Integration instruction at Split archive upload guideline.

Further Enhancements

1) A new synchronization interval setting for My OPSWAT Central Management integration provides greater control over data sync timing.

2) When you create a new workflow rule with Deep CDR enabled, all file types will be activated by default. Note: HTML and TXT, which are reserved for email-specific use cases, will stay unselected.

3) The product now supports teamed NIC (Network Interface Card) configurations, preserving Deployment ID and maintaining stable license activation when network adapters are changed or switched within the team.

4) The response of POST - LoginAPI now will return the header X-Core-Id if custom header is configured. It will help the customers identify which instance behind load balancer users login to.

5) Introduce new metrics regarding disk IO percentage in GET /stat/nodesAPI API, providing better visibility into node performance and potential bottlenecks. Adding disk_stat_info :

• Disk utilization (%): Min-Max value from 0 to 100
• Read speed (Mb/s): Min 0, Max depend on disk
• Write speed (Mb/s): Min 0, Max depend on disk

6) Filtering and exporting processing history is now enhanced with file size and extraction issue filters, allowing users to quickly locate large or small files processed by the system and troubleshoot archive processing events.

7) Roll out a major enhancement for HotSwap-type MetaDefender Core deployments. Now, both local and My OPSWAT Central Management environments handle backup licenses with accurate engine lists, clear status reporting, and smooth configuration management.

Security Enhancements

1) Upgraded libraries for vulnerability fixes:

• Qt v6.8.1
• PostgreSQL v14.20

2) Implements rate limiting on database connection test and save endpoints to mitigate brute-force and abuse risks.

3) Add more length validations for text components in Workflow/Global Configuration to strengthen security and consistency.

4) Update the PDF export process to ensure hyperlinks are rendered as plain text, preventing accidental clicks.

5) Tightening up security for exporting Sandbox JSON and SBOM reports. Previously, it was possible to export these reports without providing a valid and authorized API key. Now, the system strictly validates user permissions and denies unauthorized access.

6) Enhance the validation on SSL certificates for HTTPS connections by rejecting mismatched cert & key, incorrect format, encrypted private key (if no passphrase provided).

Bug Fixes

• Fixed an issue where value of others_time may be negative when processing encrypted document files.
• Applied consistent name validation rules when updating workflows.
• Resolved issues with resetting global configuration for Adaptive Sandbox.
• Corrected a permissions issue where users without full module rights could modify engine configurations.
• Fixed an issue where AV engines would reappear in scan results after Metascan SDK deletion.
• Fixed an issue where AV engines of Metascan SDK could not be fully deleted and cause orphaned subprocesses after removing its database.
• Fixed an issue preventing configuration changes or AV removal when both Metascan SDK and traditional AVs were installed.
• Fixed an issue where files were retained if a download was aborted.
• Improved the accuracy of warning messages when users input invalid API keys.
• Fixed an issue where files in quarantine could not be scanned by Adaptive Sandbox, caused by missing data in the quarantine process.
• Fixed an issue where the password reset email would truncate passwords containing the '<' character.
• Other cosmetic fixes.

Known Limitations