Release notes

Version: 5.12.0
Release date: 30 September 2024
Scope: A major version focused on new features, enhancements, usability improvements, security enhancements, and stability bug fixes.

Make sure to check out the Known Limitations.

New Features, Improvements and Enhancements

Email notification

Users will now receive email notifications for detected threats and incidents, providing real-time updates on potential security risks.

  • Pre-defined Threats Detected: Defines which scan results, threats, or incidents should trigger a notification. These can include infections, suspicious activities, or the presence of sensitive data.
  • Failed-to-Update Engine: Notifies on "Download Failed", "Permanently Failed", "Temporary Failed", and "Content Invalid".
  • Soon-to-Expire Licensing: Helps avoid service interruptions by facilitating timely license renewals.
  • Quarantined Files: Alerts users about files that need review, assisting in managing false positives and potentially malicious files.
  • Failed Scans: Monitors the scanning process, prompting rechecks of failed scans to maintain continuity.

CSV upload for feature Skip-by-Hash

Users can now upload CSV files to the "Skip by Hash" lists, including "Skip Engines", "Allowlist" and "Blocklist". This improves scanning efficiency by focusing resources on potentially harmful files instead of known safe entities.

Password storage for handling encrypted files

Introduces a new feature for encrypted files.

Users can define and manage lists of passwords used for file decryption, streamlining the process when handling encrypted or password-protected files.

SBOM License Enforcement

By default, the workflow rule "MetaDefender Software Supply Chain" now includes SBOM license enforcement, enhancing compliance and security.

Improved UI/UX for Inventory -> Modules

Refines the user interface for Modules to enhance usability and streamline workflows.

Continuous support for My OPSWAT integration

Now you can manage and configure "Post Actions", "External Scanners", "Webhook Authentication" and "Health Check" from My OPSWAT.

Blocklist All Except treats child file types in separate ways

For archive files under Block-All-Except, predefined child file types can now be processed further while other child file types are blocked instantly.

For example, PDF and PNG child files of a ZIP file will be processed, while all other file types will be blocklisted.

Usability enhancements / changes
  • Introduced a setting under Deep CDR in the workflow rule to mark the original file as Blocked if sanitization is successful.
  • Optimized PostgreSQL query.
  • The product's desktop shortcut can now redirect to HTTPS.
  • Users can now specify different workflow rules for files in a batch.
  • Introduced an option to include vulnerability information in the manifest file.
  • Added the ability to export a specific date range from Processing History.
  • Applied a better flow for Sandbox timeout handling.
  • outdated_data can now reflect changes related to engine advanced settings.
  • Displays "Cancelled" for affected AV engines when a client cancels a request midway.
  • Renamed Sandbox verdict "INFORMATIONAL" to "NO_THREAT".
  • Added smaller options to Data Retention settings.
  • Updated name of engines in Health Check settings.
  • Added the ability to change the file size unit in Blocklist and Allowlist.
Security improvements
  • Enhanced key generation and destruction flow.
  • Improved login mechanism for SAML Single Sign-On.
  • Upgraded libxml2 to v2.12.9 for vulnerability fix.
  • Upgraded protobuf to v3.19.5 for vulnerability fix.
Docker enhancements
  • Upgraded PostgreSQL to v15.8 for vulnerability fix.
  • Upgraded libldap to v2.5, python to v3.12.6 for vulnerability fixes.
  • Upgraded the preinstalled JRE to v17 in our Docker images to support the new requirement of Adaptive Sandbox v2.0.0+.
Central Hub enhancements

Support for the new header scan-options.

UI updates
  • Made some settings' descriptions more informative.
  • Implemented minor user interface refinements.

Bug Fixes

Fixes on product stability issues
  • Fixed an upgrade issue when upgrading from v4.20.0.
  • Fixed an issue in container environments where the product could not deactivate when the PostgreSQL instance stopped or terminated.
  • Fixed an issue where the support package could not collect log files on Windows Server.
  • Resolved an issue where temp files sometimes could not be removed when an engine crashed.
  • Fixed an issue where obsolete functions for storing Sandbox and SBOM reports were left behind after an upgrade.
  • Corrected Maximum and Total processed object size in PDF Executive Report.
Other minor bug fixes

Implemented UI enhancements and resolved minor bugs.

Known Limitations

Sometimes cannot import a CSV of hashes when using the Firefox browser

When using the Firefox browser, users sometimes cannot import a CSV of hashes into the Skip-by-Hash feature.

Error message: "File format is invalid. Please upload a CSV file."

Database connection failure in a particular circumstance after upgrading to v5.11.0

This issue is resolved in version 5.11.1.

This issue does not affect all cases when upgrading to v5.11.0.

After the scram-sha-256 authentication method was applied to enhance security for the bundled PostgreSQL, a database connection issue can occur after the upgrade in one particular circumstance:

  • If the application was previously upgraded from version 5.5.1 or older to version 5.6.0 or newer, this issue will occur when users upgrade to version 5.11.0.

We have prepared a KB article for troubleshooting the issue and bringing the system back to a working state: How to Troubleshoot an Error related to Connection to Database Failing after an Upgrade to v5.11.0?

In the following cases, users will not experience the issue:

  • When upgrading directly from version 5.5.1 or older to version 5.11.0.
  • When upgrading from a fresh installation of version 5.6.0 or newer to version 5.11.0.
Reuse processing result by hash might be slow in high load situation

This issue is resolved in version 5.10.1.

Introduced in v5.8.0, this feature helps improve overall performance and considerably reduces load when processing similar files.

However, we have found that this feature might run slowly under high load with a large database.

The temporary files in the resource folder may not be properly cleaned up if the Archive Extraction engine crashes

Starting from MetaDefender Core version 5.10.1 and onward, when the Archive Extraction engine crashes, MetaDefender Core might not handle this edge case effectively. This could result in temporary files from specific extraction transactions remaining in the resource folder without proper cleanup. However, the likelihood of this issue occurring is relatively low.

Reject importing non-empty required_engines setting in containerized environment

Occurs only in containerized environments.

If the config zip file includes a non-empty required_engines setting, MetaDefender Core will reject the import.

Workaround:

  1. Extract the config zip file.
  2. Open "export_settings.json" and set "required_engines" to an empty array.
  3. Recompress the files into a new zip.
  4. When executing the docker run command, set the following environment variables: MDCORE_HEALTH_CHECK, MDCORE_REQUIRED_ENGINES. For more details, refer to Health check settings.
Button "Revert to Default" in Workflow Rule might not work properly

This issue is resolved in version 5.6.0.

When modifying settings in Workflow Rule, the "Revert to Default" button sometimes disappears and does not work properly. This behavior might be encountered in version 5.5.0.

Engine Update feature sometimes does not work properly in a particular environment

We have observed that the Engine Update feature may not work properly in an environment that is protected by a Palo Alto firewall. In the log file, you might find the message "SslHandshakeFailedError".

If upgrading to the latest version of MetaDefender Core does not help, please consider setting up the MetaDefender Update Downloader product. This product is responsible for downloading engines, and MetaDefender Core will pick up and update its engines from there.

UI inconvenience on small resolution screen

This issue is resolved in version 5.5.1.

MetaDefender Core 5.5.0 introduces a lot of changes for supporting UI accessibility. Unfortunately, this leads to an inconvenience when displaying Workflow Rule on a small-resolution or zoomed-in screen: some tabs at the bottom of the list will not be displayed properly. Workaround: zoom out a little in the browser.

Performance degradation against big archive files

This issue is resolved in MD Core v5.5.0 and Archive v6.2.1.

  • If using MetaDefender Core 5.4.1, then you can update Archive Extraction engine version to 6.2.1 or newer without waiting for MetaDefender Core 5.5.0 release.
  • If using MetaDefender Core 5.4.0 or older, then you can upgrade it to version 5.4.1 or newer, and update Archive Extraction engine to 6.2.1 or newer. If you are not able to upgrade MetaDefender Core, then you should stay on Archive engine 6.0.2 until you are able to upgrade Core.
Stability issue when encountering malformed data created by FileType engine

This issue is resolved in version 5.4.1.

FileType version 6.0.2 sometimes created malformed data. After being written into the PostgreSQL database, that malformed data negatively affects MetaDefender Core v5.4.0 or older:

  • Executive Report in Dashboard gets frozen and changed back to zero.
  • CPU usage will go too high.
  • A dramatic decrease in file processing performance.

If you encounter similar symptoms, please follow this troubleshooting guide to resolve the issue: Rectify malformed FileType data in PostgreSQL database

Stability issues on Red Hat / CentOS with kernel version 372.13

MetaDefender Core 5.2.1 or later versions might not function correctly with Red Hat or CentOS operating systems using kernel 372.13.

Red Hat appears to be addressing the kernel issues. Please try upgrading to kernel version 372.26.

PostgreSQL and MetaDefender Core services cannot initialize in a specific containerized environment

In a containerized environment, MetaDefender Core 5.2.0 or newer cannot work properly when:

  • The Linux kernel version of the host machine is newer than 4.18.0. This also includes 5.x.y and 6.x.y.
  • And Docker base image is CentOS 7.
  • And using bundled PostgreSQL (DB_TYPE=local).

Workarounds:

  1. Switch to a RHEL 8 or Debian Docker base image.
  2. Switch to a remote PostgreSQL.
MetaDefender Core's NGINX web server will not start if using weak cipher suites for HTTPS

On MetaDefender Core 5.2.0 and later versions, OpenSSL 1.x has been replaced by OpenSSL 3.x within the product and its dependencies (PostgreSQL, NGINX) to enhance security and address known vulnerabilities in OpenSSL 1.x.

However, NGINX's implementation of OpenSSL 3.x in MetaDefender Core enforces strong encryption by rejecting all weak cipher suites. It only accepts "HIGH" encryption cipher suites as defined by OpenSSL https://www.openssl.org/docs/man1.1.1/man1/ciphers.html. This means ciphers based on MD5 and SHA1 hashing are no longer supported.

Consequently, if you previously configured MetaDefender Core for HTTPS connections using a weak SSL cipher with your certificate, the service will not start due to NGINX's OpenSSL 3.x security enforcement.

For prevention and remediation before upgrading MetaDefender Core, learn more at HTTPS Failure on MetaDefender Core 5.2.0 (or newer)
