Configuration and Settings

Why are Japanese TXT files detected as "application/octet-stream" instead of "text/plain"?

How to Connect a MetaDefender Core Container to the same instance in Shared Database Mode?

Can local AVs interrupt ongoing scans?

Can I create new workflows?

Can I control access to the RAM disk in MetaDefender Core v5?

Can I view configuration changes on the Core side (audit)?

How can I add a mail server to the Core deployment?

How do I prevent Symantec Endpoint Protection from interfering with the optimal functioning of MetaDefender Core?

How can I find a sanitized file scanned with MetaDefender Core v5?

What is the retry mechanism for MetaDefender Core connecting to the remote Postgres Database?

How to use MetaDefender Core V5 Blocklist/Allowlist feature?

How can I configure the maximum queue size in MetaDefender Core v5 ?

How do I remove an engine from my MetaDefender instance?

How can the Temp folder be changed?

How can I increase parallel count and Max queue size?

How can I change MetaDefender Core Deep CDR's timeout settings?

My scans keep failing due to an exceeded archive file number, how do I determine the number of files in an archive and then configure my process settings accordingly?

Why are password protected archives blocked and how do I unblock them?

How to disable WEB UI file scan without user authentication?

How To Allow Only Certain Files to be Scanned with MetaDefender Core?

How to generate an API key on the Core deployment?

How to Modify the Hostname of Your MetaDefender Core Server and Potential Impact?

What are the permissions on the shared folder for the temp directory?

How to implement a numerical escape function for HTML?

How to reset password for users?

How to Block/Allow Custom Extensions using RegEx?

How to migrate MetaDefender Core from PostgreSQL local to PostgreSQL remote?

How to change Core Web Management Interface Address Port?

Does MetaDefender Core store original files?

Why Japanese characters are not recognized or displayed correctly in archives?

How to install pre-built libgdiplus on RedHat 9?

Does Deep CDR support sanitizing split archives?

How to exclude OPSWAT folder from Anti-Virus Windows Defender?

Where are MetaDefender Core Install Directories and Registry?

Under what circumstances does the scan result not show the username?

How to send MetaDefender Core logs to NAS ( Network Attached Storage ) Path?

Why is a file blocked by Deep CDR or Proactive DLP but I can still download the sanitized version?

Does Deep CDR support Adobe Illustrator (AI) files in PostScript format?

How to add the source IP in scan details?

How do I integrate Jenkins with MetaDefender Core?

Can I apply a new license key before the current one expires?

How to automate backup configuration settings for MD Core? (API)

Why I can't push configuration due to password storage?

How do I install MetaDefender Core in Rocky Linux 9

How to properly configure Syslog Server for MetaDefender Core?

Why MetaDefender Core’s nginx ssl.conf changed to ssl.mdcore.conf?

How to configure SMTP server with authentication under MetaDefender Core to send notification to M365?

How to manage Disk Space Usage in pg_data\base directory in MetaDefender Core for Windows?

What storage type should I use on MetaDefender Core in K8S?

What permissions are needed for the user of the storage of Google Cloud?

How do I setup Hot Swap Backup Configuration between MetaDefender Core instances?

Where are MetaDefender Core Install Directories and Advanced Configurations?

How to retrieve the CRL and OCSP URLs for the Server and ICA Certificates?

Is Import Password Mandatory When Using Ignition File for MetaDefender Core installation?

How does the recursion level work in MetaDefender Core?

How to Configure MetaDefender Core AMI from AWS Marketplace for the POC

How to configure SMTP server without authentication under MetaDefender Core to send notification to M365?

How to Block Files with Double Extensions in MetaDefender Core?

Errors and Troubleshooting

What can I do when MetaDefender Core (Windows) has an insufficient disk space error?

Why is MetaDefender Core unable to connect to the database?

What can I do if MetaDefender shows a high number of files that failed to scan?

What should I do if an engine is in "failed" or "permanently failed" status?

What are the engine clean-up instructions?

Why is the scan stuck in "processing" state on WebScan UI, when the Core Processing History shows that it is already finished?

Why have the ESET and Kaspersky scan engines failed to initialize on the hardened Linux OS?

Why has the Symantec custom engine failed to deploy?

What are common reasons for Deep CDR scan/sanitization failures and how do I fix them?

What do the various error messages mean in MetaDefender Core RestAPI?

Why aren't modules appearing in my MetaDefender Core inventory?

Why does my MetaDefender Core install fail?

Why do you sometimes see a discrepancy between the File Type and MIME Type information?

Why files are not sanitized?

Why am I receiving a “400” error for API file submission?

How to Mitigate Scan Failures in MetaDefender Core Triggered by Real-Time Protection Systems?

How to Resolve MetaDefender Core Service Start-up Failures on IPv6-Disabled Linux Systems?

How to Understand OPSWAT's Multiscanning AV Detection Differences Compared to Other Scanners?

How to Troubleshoot Inaccessible Management Console?

How do I fix module update error “Error parsing metadescriptor, message='Could not download metadescriptor'”?

Why does ClamAV show "permanently failed" after enabling the daemon log file?

How to troubleshoot HTTPS failure on MetaDefender Core?

How to Remove Engines from MetaDefender Core using command line?

How to enable debug logging for MetaDefender Core?

Why did the deployment of the Threat Intelligence Module Fail?

Why did the deployment of the Reputation Module Fail?

Why is MetaDefender Core not starting after moving or deleting the certificates from the initial location?

Why doesn’t CDR detect the JavaScript I appended to a PDF file?

Why Deep CDR is not Sanitizing Files Inside a ZIP?

Why does the “deleteafterimport” error appear when importing an MD Core configuration from standalone mode to shared database mode?

What is the meaning of action_ran and action_failed in JSON scan result?

Why can't I sanitize HEIC files?

How Does TLS 1.0/1.1 Deprecation Affect Compatibility Across OPSWAT Products?

Why can small file changes bypass the Antivirus detection?

How do I verify if MetaDefender products are sending out syslog messages to the syslog server?

How do I fix files being blocked due to unexpected "File type mismatch" verdict?

Why are MetaDefender Core engines permanently failed?

Why Does MetaDefender Core Fail to Connect to the Database After a System Restart?

What do you do if your engine fails to update?

What is causing my Scans to be slow on MetaDefender Core?

What do I do if my modules disappear from the Core UI?

Why Is Core Receiving HTTP 403 or Timeout Errors when downloading engine updates from OCM?

What do I do when licensed engines are not detected despite active licenses?

Why do I receive errors when I upload the Config file in MetaDefender Core?

How to access MetaDefender Core when SSO fails?

Why am I seeing error message "Validation failed" after saving Sandbox module settings?

What Are the Default Credentials for MetaDefender Core on Azure Marketplace VM?

Why does the MetaDefender Core service not start?

Why does Kiosk show "Invalid Core Setup"?

What are the known issues when activating the license for MetaDefender Core?

Why does the Metadefender Core vacuum tool fail to free up space?

Why is the analyzed zip file very large and invalid after running the vacuum tool?

Why is Clam AV not scanning files after configuration changes?

Features and Functionality

How to Use a RAMDISK for the tempdirectory?

Why does ClamAV seem to be slower than other engines?

What temporary folder do Custom Engines use ?

What PDF file annotations are Supported/Non-Supported by MetaDefender Core’s Deep CDR?

What does "Potentially Vulnerable File" result mean?

What CAB files are Supported/Non-Supported by MetaDefender’s Deep CDR?

What are the MetaDefender Core Security Policies and how do they work?

Is Metadefender Core compromised while scanning files?

What is the Queue Mechanism on Metadefender Core?

How does the Post Actions feature work?

How does the External Scanners feature work?

How do I generate and save a MetaDefender Core scan result summary in JSON format?

How and why are my image files altered during processing with Deep CDR and Proactive DLP?

Does MetaDefender Core v5 offer real-time antivirus protection on the system where it is installed?

Does MetaDefender Core v5 Detect the NotPetya Ransomware?

Are there any limitations to the MetaDefender Core scan engines?

Can MetaDefender Core block renamed files (such as renamed .exe files)?

How can I export the processing history from the Core console?

How to Utilize YARA Rules with MetaDefender Core?

What is the Design of MetaDefender Core and Its Protective Measures?

What does the items sanitized/removed count in Deep CDR sanitization report mean?

Why image sanitization doesn't report any object in details?

What are the requirements to process XDW/XBD/XCT files with CDR?

How do we utilize API uploads so the correct file type and sanitization occurs every time?

What are the differences between AVs in OPSWAT and the other services?

Does OPSWAT Use Security Checks on Our Code, Libraries, Credentials, etc?

How to access and analyze detailed scan results for an infected file?

Why MetaDefender Core blocks Sandbox Verdicts that are not marked to be blocked?

How to scan multiple files at once with MetaDefender Core

Is MetaDefender Core able to extract, detect and block malicious embedded macros?

Does OPSWAT provide a file dataset that can be used to evaluate MetaDefender Core's capabilities?

How would discontinuing Threat Intelligence affect customers?

How do I Validate FileType Digital Signature on MetaDefender Core?

How to add custom detection for a file type?

What can I do if MetaDefender Core shows a high number of files that failed to scan?

Why did the required password pop up when scanning an unencrypted file?

How to Test the Syslog Server functionality from MetaDefender Core?

When and how to use “PDF to Image Configuration” Deep CDR feature?

How do I send specific log entries to syslog integration?

How do I send the MetaDefender Core logs in Windows event log?

Does installing an antivirus impact a containerized deployment?

Why does the DeepCDR engine delete the content of the HTML file?

What is the Document Encryption Timeout setting and how does it work?

How do I manually clean up the MD Core engine's local folder?

How can I handle a high CPU load on my Core server

Does MetaDefender Core generate a file download link after all scan sessions?

Can Workflow Settings Be Updated Globally Across Multiple Workflows?

Does MetaDefender Core support Elliptic Curve (EC) Private Key and Certificate for enabling HTTPS?

How to manage false positives in MetaDefender Core?

How to handle split archive files?

What does "Process files even if they are allowlisted" do in the Allowlist workflow settings?

Can MD Core process the attached files in a PDF file?

Feedback and Support

How do I obtain a Trial License for MetaDefender Core?

How long is the support lifecycle for a specific version of MetaDefender Core?

How do I get a False Detection (False Positive or False Negative) corrected?

Licensing, Setup and Deployment

What dependencies does MetaDefender’s Deep CDR for Linux have?

What links, target-services or target host-IPs need to be allowed for Metadefender Core to function accurately?

How do I set up exclusions on my anti-malware software to prevent disruption of the MetaDefender Core scanning process, when my corporate policy does not allow it?

How do I deploy MetaDefender Core to an offline Windows environment?

How do I deploy MetaDefender Core to an offline Linux environment?

Does the Deployment ID change at any time?

How do I activate my offline deployment of MetaDefender Core?

How do I activate/deactivate a MetaDefender Core Deployment via API calls?

How do I update to a new license key on a Metadefender Core server?

What types of licenses are available for MetaDefender Core?

After license renewal does the product activation happen automatically (if the license key is the same)?

How to install .NET 8 Runtime dependencies on Linux Distributions?

What are the List of folders that should be removed after MetaDefender Core uninstallation on Linux?

How to connect LDAP via SSL on Linux

How to Backup and Restore standalone database for MetaDefender Core?

How to install msttcore-fonts on Linux systems?

How to upgrade Amazon Corretto JRE?

Can I activate the product license before the start date?

How to completely uninstall MetaDefender Core?

How to Trust MetaDefender Core’s Self-Signed Certificate When HTTPS Is Enabled?

How are MetaDefender Core AWS AMI images secured and updated?

How to handle high CPU load on MetaDefender Core server?

What will happen to the MD core after the license is expired?

Testing MetaDefender Core

Is there a virus test I could use to test MetaDefender Core engines?

How do I check if "noexec" flag exists on a Linux OS?

How can I run tests to see the different scan results on MetaDefender Core?

Updates, Patches and Bug Fixes

Are scan engine updates automatic?

What operating system patches should be applied to the system hosting MetaDefender Core?

How do I check the update status of MetaDefender Core’s licensed AV scan engines?

What is the frequency of signature/definition updates on MetaDefender Core?

Why does the Deep CDR engine keep failing to update?

What Happens After the Discontinuation of Kaspersky Support for Windows and Linux?

Does a CVE affect MetaDefender Core?

End-of-Life Support for CentOS 7 and RedHat 7 in MetaDefender Core and Engines

End of Life Support for Ubuntu 20.04 and Amazon Linux 2 in MetaDefender Core

Will MetaDefender Core Experience Downtime During Engine Updates?

How to Update Antivirus Engines in MetaDefender Core Manually?

Version Upgrades

Are MetaDefender Core v5 upgrades free?

Are MetaDefender Core version upgrades automatic?

How do I manually upgrade to the latest MetaDefender Core version?

What is the latest MetaDefender Core version?

How to upgrade an End-of-Life [EOL] MetaDefender Core?

Can I upgrade MetaDefender Core from an very old version such as version 4.x.x to the latest version 5.x.x?

Can I upgrade MetaDefender Core from a very old version directly to the latest available?

What is the impact of upgrading MetaDefender Core from version 5.12.0 to 5.13.3?

How to Block Files with Double Extensions in MetaDefender Core?

This article applies to MetaDefender Core releases deployed on Windows and Linux systems.

Overview

By default, Windows may hide the extension of a file, hence an executable “document.pdf.exe” may be displayed as “document.pdf”, potentially mislead users to click on it.

This article describes how to configure MetaDefender Core to block files with double extensions using a regular expression blocklist filter.

Steps to Configure

To block files with double extensions, follow these steps:

In your MetaDefender Core workflow, set up a regular expression rule in the Blocklist settings.
Add the following regex under “Blocklist by filename”: .\w+.\w+$

\.\w+ — matches the first extension, with a preceding dot (.) and any one or more characters (e.g., .pdf, .doc, etc.)
\. — matches the dot before the second extension
\w+ — matches another extension (again, one or more characters)
$ — ensures the match is at the end of the string

Verify the Change

Scan a file using the configured workflow.
Adjust the regex as needed. Consider the following:

Since the rule above is broad, it might block legitimate files, such as archive files “archive.tar.gz” - technically 2 extensions.

You may consider modifying it to block only double extensions files ending in executable types: .\w+.(exe|bat|cmd|scr|pif)$

\.\w+ — matches the first extension (e.g., .pdf, .doc, etc.)
\. — matches the dot before the second extension
(exe|bat|cmd|scr|pif) — matches only known executable extensions
$ — ensures the match is at the end of the string

This matches:

document.pdf.exe
image.jpg.scr
report.doc.bat

But does not match legitimate files such as:

file.exe
archive.tar.gz
notes.txt

If Further Assistance is required, please proceed to log a support case or chatting with our support engineer.

Last updated on

Was this page helpful?

On This Page

How to Block Files with Double Extensions in MetaDefender Core?Overview Steps to Configure Verify the Change