Differences Between MetaDefender Core v4 and v5
We are very excited to inform you about the release of version 5.0.0 of our MetaDefender Core!
The new version is designed to enhance the product performance, user experience, as well as to provide more flexibility, security, and scalability for our customers.
At the same time, we are also committed to keeping backward compatibility for whom running MetaDefender Core v4, and avoid the need for updating your client integration to move forward with MetaDefender Core v5.
All public REST API endpoints available on MetaDefender Core v4 will be continously supported on v5.
All product major features available on MetaDefender Core 4.21.2 (the latest one on v4) will be continously supported on v5.
Upgrading from MetaDefender Core v4 to v5 will be supported and covered with data migration without additional manual steps from users.
Licensing information will be also migrated.
Below are some highlights of the first v5 release, MetaDefender Core 5.0.0:
New product architecture
This version introduces a simpler product architecture that speeds up integration and automation, file processing flow, and immensely enhance the product performance and efficiency.
Earlier versions utilized MetaDefender Node concept, designed to support scaling of the scanning infrastructure by distributing scan requests among several different processing Nodes. Product licensing was based on number of Node instances. The benefit of having such a distributed infrastructure is that based on Node loads, Metadefender Core server can always choose the most appropriate Node to assign a new scan task to. However, having nodes in the v4 architecture caused more complexity and possible latency in the processing flow and entailed maintenance cost.
In this release, we retired multi-Node deployment and restructured MetaDefender Core's backend. This alteration significantly improves file processing speed and product efficiency, as well as eliminates extra cost for maintaining node services. Users now can simply install additional MetaDefender Core instances for scalability requirement, as well as configure their own load balancer to coordinate tasks among multiple MetaDefender Core instances. Accordingly, product licensing is now based on number of the product instances.

Please be informed that
- All existing administrative APIs related to "Node" on v4 will be kept as it is on v5 to ensure backward compatibility with existing client integrations.
- Applicable settings defined in Windows registry (Windows) or ometascan-node.conf config file (Linux) for Node will be migrated to Core. Details: MetaDefender Configuration
Brand-new product user interface
The second notable update in this version is a brand-new UI for the management console, which was designed with the focus on the quality and thoughtfulness of the user experience. The new administrative console UI provides an advanced set of Core features and observable processing status.
Comprehensive executive dashboard reporting offers dynamic, real-time and actionable threat insights. It also provides visibility of your security posture allowing you to paint a picture of security that aligns with the overall business. The report includes easy-to-read charts, graphs, and statistic explanation that help your security professionals reduce clutter, gather information quicker, spot threat activity early and act swiftly.

We’re continuing to improve our product UI to provide users an excellent experience with the application and overall usability. Please expect more powerful UI features coming in next releases.
New compression archive engine for archive sanitization
In previous version, MetaDefender Core’s archive engine implemented four functions including decryption, extraction, encryption and compression that with a high volume of files it takes time to process them all. For the purpose of enhancing archive handling performance, this release comes with a separated compression archive engine, which dedicatedly processes archive sanitization (compression and encryption). It is also created to facilitate maintenance and further feature development.
As to respect sanitization practice and ensure unknown threats prevention as designed, now starting on version 5, it's mandatory to have Deep CDR licensed for archive sanitization feature enablement on MetaDefender Core workflow configurations.
The legacy "Archive" engine on MetaDefender Core v4 will be changed its name to "Archive Extraction" engine, even when you are still on MetaDefender Core v4.
A brand new "compression archive engine" is to dedicatedly handle archive sanitization in v5 (archive compression), that helps relevant archive handling performance improvement, easier for maintainance and further feature development.
The legacy "Archive" engine (now name changed to "Archive Extraction" engine) on MetaDefender Core v4.x will still cover both extraction and compression archive tasks as usual.
Even though your MetaDefender Core v4.x might now have a new "Archive Compression" engine auto downloaded, but that engine cannot be deployed (marked as "permanently failed" in relevant engine status check API). This behavior is expected, and not causing any impact to MetaDefender Core processing flow, or its performance though.
- Just in case your client integration has a check for engine status before triggering scan request, then you might want to disable "Archive Compression" engine status on MetaDefender Core v4 using REST API. Detailed instruction: Archive Compression Engine Permanently Failed on MetaDefender Core v4
- When you later upgrade to MetaDefender Core v5 from v4, then you might need to manually re-enable "Archive Compression" engine to make it active and running on MetaDefender Core v5.
For offline deployment (MetaDefender Core is not connected to the Internet directly for online update), you will need to re-activate again on OPSWAT portal to retrieve latest engine list in .yml file including "Archive Compression" engine if you are currently licensed with Deep CDR.
Meanwhile, for online deployment, this manual procedure is not required since MetaDefender Core will cover that itself.
Import & export configurations
Not only workflow settings like in previous versions, but also all other general settings (update, security, data retention, server, hashes to skip) and most importantly, user settings, will be able to export and import on MetaDefender Core version 5.
Learn more at Import/Export configuration
The legacy feature for import & export using /admin/import API endpoint will be still supported, and still expecting to have JSON file exported for workflow related settings only.
Windows Server 2012 and 2012 R2 based installation
Required to install Universal C Runtime in Windows separately before installing MetaDefender Core 5.0.0 or newer.
Windows application event logging disabled by default
Applicable only to Windows OS based MetaDefender Core.
Help avoid duplicated logging with separate file option, and improve overall processing performance. Of course, when being still valid to you, you are still supported to enable it back.
CSRF token header renamed
CSRF token originally created for security strengthening and being used by MetaDefender Core management console UI since version 4.21.0 via header oms_csrf_token
To get it compliant with some load balancers which do not accept underscore in header name by default, and save you from additional load balancer configuration step, we have now changed the header name to oms-csrf-token
This change does not impact to any REST API based client integration.
More comprehensive and accurate error messages on REST APIs
Impacting on following REST API endpoints:
PUT /admin/config/session
PUT /admin/config/update
PUT /admin/config/scan
PUT /admin/config/skip
PUT /admin/config/auditlog
PUT /admin/config/webhook
PUT /admin/config/rule
Upload time and queue time logic updated in JSON scan response
Impacting on following REST API endpoints:
GET /file/{data_id}
GET /hash/{md5/sha1/sha256}
GET /archive/{data_id}
POST /file/{async}
Added new field:
receive_data_timestamp
: The timestamp when upload progress started (first byte received) (in milliseconds)upload_time
: Total time elapsed for upload process (in milliseconds)
Modified existing field (new logic):
The legacy feature for import & export using /admin/import API endpoint will be still supported, and still expecting to have JSON file exported for workflow related settings only.
upload_timestamp
: The timestamp when upload progress finished (all bytes received) (in milliseconds)queue_time
: Total time elapsed for file processing task was waiting in MetaDefender Core’s queue until being picked up (queue time = start_time - upload_ timestamp) (in milliseconds)
Release version 5.0.0 also comes with variety of outstanding features and improvements.
For detailed information about our latest release please view our Release notes