Recommended System Configuration

Before installing MetaDefender Core, please refer to the recommended system configuration listed below. Please note that the server specifications are built to allow a high volume daily processing.

For certain use cases these might be adjusted and customized on their specific needs. We highly recommend to engage our ProServ team to assist in fine tuning MetaDefender and get the maximum performance out of your systems.

The recommendations below are for MetaDefender Core, API usage only.

For any other use cases, please consult the user guide of the licensed products for accurate recommendations.

Microsoft Windows Deployments

[Windows] Supported Operating Systems

  • Windows 10, 11 IoT only for End-User systems (e.g. Kiosk deployments)

    • Based on Microsoft License Terms, you're not allowed to use Windows Desktop as a server, therefore, MetaDefender Core can't be used on these systems for server use cases.
  • Windows Server 2012, 2012 R2, 2016, 2019, 2022

Required to install Universal C Runtime in Windows separately before installing MetaDefender Core 5.0.0 or newer.

End-customer is responsible of verifying the OS license agreement and choose the right OS based on their planned usage of MetaDefender.

The following amount of resources (CPU, RAM, disk space) are recommended for MetaDefender Core:

PackageCPU coresFree System RAMFree Disk Space (see more in Storage Usage Information)
MetaDefender Core 888 GB16 GB
MetaDefender Core 121616 GB24 GB
MetaDefender Core 161616 GB32 GB
MetaDefender Core 203216 GB40 GB
MetaDefender Core MAX3232 GB120 GB
  • It is suggested to use SSD for system where MetaDefender Core resides on.
  • For a better performance with Deep CDR and Proactive DLP technologies (if licensed), consider adding 8GB RAM, 4 CPU cores (at least 12 CPU cores in total) additionally.
  • SBOM processing requests large disk space, please prepare at least 15GB free disk for the engine to work properly.

[Windows] Third Party Dependencies

  • .NET framework 4.5 or above
  • Microsoft Visual C++ Redistributable for Visual Studio 2013
  • Microsoft Visual C++ Redistributable for Visual Studio 2015 (version 14.38 or higher)
  • Microsoft Visual C++ Redistributable for Visual Studio 2017
  • PostgreSQL 12.x (at least 12.3) and 14.9
    • Only applicable when using a pre-installed PostgreSQL server running remotely.

Some engines also have dependencies as described below:

Engine NameDependency
Deep CDRMicrosoft Visual C++ 2017 Redistributable Package (Only applicable to engine version 5.8.0 or above)
ESETMetaDefender Core v4 temporary directory should have more than 200MB free disk space
Filescan Sandbox

Embedded Engine

AdawareMicrosoft Visual C++ 2013 Redistributable Package x86
Proactive DLP
  • Microsoft Visual C++ 2017 Redistributable Package (Only applicable to engine version 2.0 or above)
  • .NET framework 4.5 or newer
  • CPU must support AVX2 and SSE4.1 instruction set to use OCR feature
RocketCyberMicrosoft Visual C++ 2015 Redistributable Package x64
ScrutinyMicrosoft Visual C++ 2015 - 2019 Redistributable x86 and x64
Systweak.NET framework 3.5
VirusBlokAdaMicrosoft Visual C++ 2015 Redistributable Package x86
Webroot

Microsoft Visual C++ 2013 Redistributable Package x64

Microsoft Visual C++ 2015 Redistributable Package x64

Xvirus Anti-Malware.NET framework 3.5

[Windows] Installation Details

MetaDefender Core on Windows uses "C:\Program Files\OPSWAT" folder for storing resources or the installation directory.

MetaDefender will use its resources folder to store temp files as part of the analysis. It's recommended to exclude this folder from real-time protection monitoring****__. Knowledge base:

Linux Deployments

[Linux] Supported Operating Systems

  • CentOS 7
  • Red Hat Enterprise Linux 7, 8, 9
  • Debian 9, 11
  • Ubuntu 18.04, 20.04

Some AV enignes could be failed to intialize and run on MetaDefender Core (e.g. ESET, Kaspersky) due to execution permission required by them on /var/tmp/ometascan folder.

Please follow steps at Why have the ESET and Kaspersky scan engines failed to initialize on the hardened Linux OS? for remediation details.

End-customer is responsible of verifying the OS license agreement and choose the right OS based on their planned usage of MetaDefender.

The following amount of resources (CPU, RAM, disk space) are recommended for MetaDefender Core v4:

PackageCPU coresFree System RAMFree Disk Space (see more in Storage Usage Information)
MetaDefender Core 544 GB10 GB
MetaDefender Core 1088 GB20 GB
MetaDefender Core MAX1616 GB40 GB
  • It is suggested to use SSD for system where MetaDefender Core resides on.
  • For a better performance with Deep CDR and Proactive DLP technologies (if licensed), consider adding 8GB RAM, 4 CPU cores (at least 12 CPU cores in total) additionally.

[Linux] Third Party Dependencies

  • Dependencies list:
    • openssl
    • grep
    • lib32stdc++6 (>= 4.5)
    • libc6-i386 (>= 2.10)
    • procps
    • zlib1g
    • libcurl3 (>= 7.19.7)
    • libcurl4
    • postgresql-12 (>= 12.3) or 14 (14.9)

Not all the above dependencies will need to be installed, it is dependent on different Unix distro and version

Some engines also have dependencies as described below:

Engine nameDependency
Archive engineTo extract password protected MS Office files, you need to install .NET 5 dependencies, libgdiplus 6.0.5 or above
Deep CDR
  • CentOS: libgomp, ncurses-compat-libs
  • RedHat 7.x: libgomp, ncurses
  • RedHat 8.x: libgomp, ncurses-compat-libs, libnsl
  • RedHat 9.x: libgomp, ncurses-compat-libs, libnsl, compat-openssl11
  • Ubuntu/Debian: libgomp1, libncurses5
  • libgdiplus 6.0.5 or above (only need if you have file type conversion from documents to images such as DOCX to JPG, ...)
  • .NET 5 dependencies
Filescan Sandbox

Embedded Engine:

Filetype engineRedHat 9.x: libnsl
Proactive DLP

libgdiplus, mscorefonts

.NET 6 dependencies

CPU must support AVX2 and SSE4.1 instruction set to use OCR feature

RocketCyberlibgomp

Note: Some dependencies may need to be installed from external repositories, not from the OS default repositories.

[Linux] Installation Details

MetaDefender Core default installation path is using /var folder for storing resources:

  • /var/lib/ometascan : installation folder with all its resources (database, DLP processed / CDR sanitized / quarantined file storage, engine package and definition updates).
  • /var/log/ometascan : application logs.
  • /var/run/ometascan : runtime folder for Core related processes.
  • /var/lib/ometascan : all successful deployed engines's data files.
  • /usr/lib/ometascan : all shared libraries required by MetaDefender Core, bundled PostgreSQL server related binaries and libraries.
  • /var/tmp/ometascan/resources : all temporary processing files for MetaDefender Core to process.

Storage Usage Information

Based on the configuration, MetaDefender Core could need additional disk space to store analysis data:

Data Storage
Analysis Reports (Processing History)Approximate 4.5GB for each 1M analysis reports is required
Quarantined FilesDepends on the customers' dataset
Sanitized FilesDepends on the customers' dataset
Temporary processing files

Depends on the customers' dataset.

  • A 1GB non-archive file requires 1GB free disk space at least.
  • A 1GB archive file requires (1 * 2)GB free disk space at least.

Custom Engines

The recommendations above are specific for MetaDefender pre-packaged bundles.

However for additional Custom Engines, please review the Knowledge base to review additional requirements (if any) for the selected engine.

Browser Requirements for the MetaDefender Core Management Console

One of the following browsers is suggested to view the MetaDefender Core Management Console:

  • Microsoft Edge
  • Chrome
  • Firefox
  • Safari

Chrome, Firefox, Safari and Microsoft Edge browsers are tested with the latest available version at the time of release.

Network Bandwidth

In online environment where MetaDefender Core is configured to download engine update packages directly from OPSWAT update server source, then using gigabit network speed (125 MB/sec) is highly recommended to avoid potential network related issue while downloading files, or at least 100 Mbps (12.5 MB/sec) network speed.

If you have installed or if you wish to use the MetaDefender Core in a restricted environment, you will have to allow access to the following hosts':

Note: IP address-based allowlisting on your firewall might fail after some time since OPSWAT uses CDN (AWS Cloudfront) to faster delivery updates over the world, and IP address of edge servers might change over time.

Depending on your location, connections with OPSWAT cloud-based servers be forwarded to specific AWS Cloudfront's edge locations, each is assigned with its own unique IP address ranges. You might also need to allow correct AWS Cloudfront's corresponding IP address ranges by referring to https://ip-ranges.amazonaws.com/ip-ranges.json

Even the OPSWAT update servers host updates for all of the available engines we support, sometimes custom engines might try to connect to their own cloud for updates, but this can be disabled in firewall and they will be updated just from OPSWAT cloud servers instead.

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard