Recommended System Configuration

Before installing MetaDefender Core, please refer to the recommended minimum system configuration listed below. The requirements are based on a standardized customer deployment and may require more or less resources to achieve the level of performance desired in your environment. Please note that the server specifications are built to allow a high volume daily processing. Please refer to Performance and Load Estimation for more details.

For certain use cases these might be adjusted and customized on specific needs and SLAs. We highly recommend to engage our ProServ team to assist in fine tuning MetaDefender and get the maximum performance out of your systems.

The recommendations below are for MetaDefender Core, API usage only.

For any other use cases, please consult the user guide of the licensed products for accurate recommendations.

Microsoft Windows Deployments

[Windows] Supported Operating Systems

  • Windows 10, 11 IoT (22H2) only for End-User systems (e.g. Kiosk deployments)

    • Based on Microsoft License Terms, you're not allowed to use Windows Desktop as a server, therefore, MetaDefender Core can't be used on these systems for server use cases.

  • Windows Server 2016, 2019, 2022

End-customer is responsible of verifying the OS license agreement and choose the right OS based on their planned usage of MetaDefender.

The resources listed below (CPU, RAM, disk space) are the minimum recommended for MetaDefender Core:

PackageCPU coresFree System RAMFree Disk Space (See more details in Storage Usage Information)
MetaDefender Core 888 GB16 GB (product and engines) + 50GB (temp files during processing) + 100GB (when using local PostgreSQL database)
MetaDefender Core 121616 GB24 GB + 50 GB + 100 GB
MetaDefender Core 161616 GB32 GB + 50 GB + 100 GB
MetaDefender Core 203216 GB40 GB + 50 GB + 100 GB
MetaDefender Core MAX3232 GB120 GB + 50 GB + 100 GB
  • It is suggested to use SSD for system where MetaDefender Core is installed.
  • For a better performance with Deep CDR and Proactive DLP technologies (if licensed), consider adding 8GB RAM, 4 CPU cores (at least 12 CPU cores in total) additionally.
  • SBOM processing requires more disk space, please allow at least 15GB free disk for the engine to work properly.

[Windows] Third Party Dependencies

  • .NET framework 4.5 or above
  • Microsoft Visual C++ Redistributable for Visual Studio 2013
  • Microsoft Visual C++ Redistributable for Visual Studio 2015 (version 14.38 or higher)
  • Microsoft Visual C++ Redistributable for Visual Studio 2017
  • PostgreSQL 12.x (at least 12.3) and 14.x (at least 14.5)
    • Only applicable when using a pre-installed PostgreSQL server running remotely.
    • According to PostgreSQL notice, version 12 will stop receiving fixes on November 14, 2024, so we recommend version 14.

Some engines also have dependencies as described below:

Engine NameDependency
Deep CDRMicrosoft Visual C++ 2017 Redistributable Package (Only applicable to engine version 5.8.0 or above)
ESETMetaDefender Core v4 temporary directory should have more than 200MB free disk space
Adaptive Sandbox (formerly Sandbox)

Embedded Engine

AdawareMicrosoft Visual C++ 2013 Redistributable Package x86
Proactive DLP
  • Microsoft Visual C++ 2017 Redistributable Package (Only applicable to engine version 2.0 or above)
  • .NET 6 dependencies
  • CPU must support AVX2 and SSE4.1 instruction set to use OCR feature
RocketCyberMicrosoft Visual C++ 2015 Redistributable Package x64
ScrutinyMicrosoft Visual C++ 2015 - 2019 Redistributable x86 and x64
Systweak.NET framework 3.5
VirusBlokAdaMicrosoft Visual C++ 2015 Redistributable Package x86
Webroot

Microsoft Visual C++ 2013 Redistributable Package x64

Microsoft Visual C++ 2015 Redistributable Package x64

Xvirus Anti-Malware.NET framework 3.5

[Windows] Installation Details

MetaDefender Core on Windows uses "C:\Program Files\OPSWAT" folder for storing resources or the installation directory.

MetaDefender will use its resources folder to store temp files as part of the analysis. It's recommended to exclude this folder from real-time protection monitoring. Knowledge base:

Linux Deployments

[Linux] Supported Operating Systems

  • CentOS 7
  • Red Hat Enterprise Linux 7, 8, 9
  • Debian 11
  • Ubuntu 20.04, 22.04

Some AV engines could be failed to initialize and run on MetaDefender Core (e.g. ESET, Kaspersky) due to execution permission required by them on /var/tmp/ometascan folder.

Please follow steps at Why have the ESET and Kaspersky scan engines failed to initialize on the hardened Linux OS? for remediation details.

CentOS 7 and Red Hat Enterprise Linux 7 reaches end-of-life on June 30, 2024. Please upgrade to Red Hat 8 or 9 before then to maintain security, as no further updates will be provided.

OPSWAT will extend product functionality support for CentOS 7 and Red Hat 7 until the end of 2024.

End-customer is responsible of verifying the OS license agreement and choose the right OS based on their planned usage of MetaDefender.

The resources listed below (CPU, RAM, disk space) are the minimum recommended for MetaDefender Core:

PackageCPU coresFree System RAMFree Disk Space (See more details in Storage Usage Information)
MetaDefender Core 544 GB10 GB (product and engines) + 50GB (temp files during processing) + 100GB (when using local PostgreSQL database)
MetaDefender Core 1088 GB20 GB + 50 GB + 100 GB
MetaDefender Core MAX1616 GB40 GB + 50 GB + 100 GB
  • It is suggested to use SSD for system where MetaDefender Core resides on.
  • For better performance with Deep CDR and Proactive DLP technologies (if licensed), consider adding 8GB RAM, 4 CPU cores (at least 12 CPU cores in total) additionally.

[Linux] Third Party Dependencies

Dependencies list:

  • openssl
  • grep
  • lib32stdc++6 (>= 4.5)
  • libc6-i386 (>= 2.10)
  • procps
  • zlib1g
  • libcurl3 (>= 7.19.7)
  • libcurl4
  • postgresql-12 (at least 12.3) or 14 (at least 14.5)
    • According to PostgreSQL notice, version 12 will stop receiving fixes on November 14, 2024, so we recommend version 14.

Not all the above dependencies will need to be installed, it is dependent on different Unix distro and version

Some engines also have dependencies as described below:

Engine nameDependency
Archive engineTo extract password protected MS Office files, you need to install .NET 6 dependencies, libgdiplus 6.0.5 or above
Deep CDR
  • CentOS: libgomp, ncurses-compat-libs
  • RedHat 7.x: libgomp, ncurses
  • RedHat 8.x: libgomp, ncurses-compat-libs, libnsl
  • RedHat 9.x: libgomp, ncurses-compat-libs, libnsl, compat-openssl11
  • Ubuntu/Debian: libgomp1, libncurses5
  • libgdiplus 6.0.5 or above (only need if you have file type conversion from documents to images such as DOCX to JPG, ...)
  • .NET 6 dependencies
Adaptive Sandbox (formerly Sandbox)

Embedded Engine:

Filetype engineRedHat 9.x: libnsl
Proactive DLP

libgdiplus, mscorefonts

.NET 6 dependencies

CPU must support AVX2 and SSE4.1 instruction set to use OCR feature

RocketCyberlibgomp

Note: Some dependencies may need to be installed from external repositories, not from the OS default repositories.

[Linux] Installation Details

MetaDefender Core default installation path is using /var folder for storing resources:

  • /var/lib/ometascan : installation folder with all its resources (database, DLP processed / CDR sanitized / quarantined file storage, engine package and definition updates).
  • /var/log/ometascan : application logs.
  • /var/run/ometascan : runtime folder for Core related processes.
  • /var/lib/ometascan : all successful deployed engines data files.
  • /usr/lib/ometascan : all shared libraries required by MetaDefender Core, bundled PostgreSQL server related binaries and libraries.
  • /var/tmp/ometascan/resources : all temporary processing files for MetaDefender Core to process.

Storage Usage Information

Based on the configuration, MetaDefender Core will need additional disk space to store analysis/result data, quarantined files and temporary files:

Data Storage
Analysis Reports (Processing History)

Approximately 4.5GB is required for every 1M analysis reports stored.

  • 100 GB is recommended as a baseline. Database storage requirements are affected by Data Retention settings, engine settings and scanning load.
Quarantined FilesDepends on the customers' dataset and configuration
Sanitized FilesDepends on the customers' dataset and configuration
Temporary processing files

Depends on the customers' dataset and configuration

  • A 1GB non-archive file requires 1GB free disk space at least.
  • A 1GB archive file requires (1 * 2)GB free disk space at least.
  • 50GB is a baseline and should be adjusted based on observation of the solution within the environment, with consideration to peak times and overall file makeup (e.g. complexity, size, archives).
NoteOptions are available to control how large and/or complex files are handled to limit the amount of system resources required. See Workflow Configuration Template for more information.

Custom Engines

The recommendations above are specific for MetaDefender pre-packaged bundles.

However for additional Custom Engines, please review the Knowledge base to review additional requirements (if any) for the selected engine.

Browser Requirements for the MetaDefender Core Management Console

One of the following browsers is suggested to view the MetaDefender Core Management Console:

  • Microsoft Edge
  • Chrome
  • Firefox
  • Safari

Chrome, Firefox, Safari and Microsoft Edge browsers are tested with the latest available version at the time of release.

Network Bandwidth

In online environment where MetaDefender Core is configured to download engine update packages directly from OPSWAT update server source, then using gigabit network speed (125 MB/sec) is highly recommended to avoid potential network related issue while downloading files, or at least 100 Mbps (12.5 MB/sec) network speed.

If you have installed or if you wish to use the MetaDefender Core in a restricted environment, you will have to allow access to the following hosts':

Note: IP address-based allowlisting on your firewall might fail after some time since OPSWAT uses CDN (AWS Cloudfront) to faster delivery updates over the world, and IP address of edge servers might change over time.

Depending on your location, connections with OPSWAT cloud-based servers be forwarded to specific AWS Cloudfront's edge locations, each is assigned with its own unique IP address ranges. You might also need to allow correct AWS Cloudfront's corresponding IP address ranges by referring to https://ip-ranges.amazonaws.com/ip-ranges.json

Even the OPSWAT update servers host updates for all of the available engines we support, sometimes custom engines might try to connect to their own cloud for updates, but this can be disabled in firewall and they will be updated just from OPSWAT cloud servers instead.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Differences Between MetaDefender Core v4 and v5
On This Page
Recommended System ConfigurationMicrosoft Windows Deployments[Windows] Supported Operating Systems[Windows] Recommended System Configuration[Windows] Third Party Dependencies[Windows] Installation DetailsLinux Deployments[Linux] Supported Operating Systems[Linux] Recommended System Configuration[Linux] Third Party Dependencies[Linux] Installation DetailsStorage Usage InformationCustom EnginesBrowser Requirements for the MetaDefender Core Management ConsoleNetwork Bandwidth