How to configure automatic scheduled scans using the MetaDefender Client?

  1. MetaDefender Client needs to be configured using the "Sources" tab in the MetaDefender Management Console. This will permit the configurations of parameters of the client configuration. There will be other configurations that need to set manually in the config file later.

images/download/attachments/39335851/KB3-1.PNG

2. Once the MetaDefender Client has been generated, download it onto the Client system from the Web Management Interface under http://8008/#client

images/download/attachments/39335851/client.png

3. Use 7-Zip or similar service to extract the MetascanClient.exe and MetascanClientConf.ini files from the downloaded "MetascanClient.exe".

4. Copy the extracted files to any location on the system where you will be scanning.

images/download/attachments/39335851/extract.png

5. Edit the ini files using the table below. Most of these parameters are meant for the GUI, and won't affect the command line scan.

Variable

Description

maximum_file_size_bytes

The maximum size of files to be scanned (in bytes). Any files with a size (in bytes) greater than this value will be skipped.

Default value is 5242880.

batch_size

The maximum number of files to be scanned per batch. Increasing this value increases the amount of system memory MetaDefender Client will use when scanning files.

Default value is 100.

thread_count

The maximum number of threads to be used in scanning. Increasing this value increases CPU usage by MetaDefender Client and the Metascan Server.

The recommended value is at least 5 times the number of CPUs.

Default value is 10.

scan_location

The directory where MetaDefender Client will scan files. All of the files in this directory and in subdirectories will be scanned. If this value is blank, the entire system drive will be scanned.

Default value is blank (entire system drive will be scanned).

server

MetaDefender server URLs the MetaDefender Client should connect to. If multiple servers are specified, each URL should be delimited by “;” (semi-colon).

Default value is localhost/metascan_rest.

scan_type

Deprecated.

allowed_scan_levels

Determines which scan options a user can choose from.

Value is a comma-separated list of the scan types that are allowed. First value will be used as default scan level for each scan session.

Note: If auto_start is enabled, it will use the first value as scanning.

Possible Values:

0: Custom Scan (user selected files and folders)

1: Fast Scan (Active processes only)

2: Deep Scan (Active processes and associated libraries)

3: Full Scan (scans the full system)

4*: Scan VM image (upload VMware virtual machine directory to MetaDefender server, mount the VM image disk and scan all files)

*Requires MetaDefender 3.8.1 or later. *Virtual image disk must contain a file system that is readable by Windows. A Linux specific file system such as Ext4 is not supported.

Example:

allowed_scan_levels=1,2

Will only allow the user to choose Fast and Deep scans.

timeout

Server response timeout in seconds.

Default Value is 300.

too_big_file_if_kilobytes

Max file size threshold for calculating hashes. If the file exceeds this value, it will be scanned without performing a hash look up.

Default Value is 102400.

6. The following command will need to be used:

MetascanClient.exe server=<server IP address>:8008/metascan_rest auto_start=1 allowed_scan_levels=3 show_ui=0

This command will conduct a full scan of the entire system, and will dump a log file in the same directory as the MetascanClient.exe. The important parameters to use are auto_start=1 and show_ui=0 . That will ensure that the scan will run automatically and is invisible to the user.

The following are other parameters which may be used and changed:

Variable

Description

show_ui

Determines whether the MetaDefender Client User Interface will be displayed.

Possible values:

0: MetaDefender Client will run silently

1: The MetaDefender Client user interface will be displayed to the user

exit_on_clean

Determines whether the MetaDefender Client user interface will exit if all files scanned are clean.

Possible values:

0: MetaDefender Client will not immediately exit after a scan where all files are clean

1: MetaDefender Client will immediately exit after a scan where all files are clean

exit_on_dirty

Determines whether the MetaDefender Client user interface will exit if there are dirty files found during a scan.

Possible values:

0: MetaDefender Client will not immediately exit after a scan where one or more dirty files are found

1: MetaDefender Client will immediately exit after a scan where one or more dirty files are found

auto_start

Determines if the MetaDefender clients will start scanning immediately once application launches.

Possible values:

0: MetaDefender Client will not immediately start scanning

1: MetaDefender Client will immediately start scanning. Note: show_ui=0 will be ignored if auto_start is not set to 1.

auto_save_result

Determines if the scan results should be saved automatically.

Possible values:

0: MetaDefender Client will not save results automatically

1: MetaDefender Client will automatically save scan results at the location where MetaDefender Client is located.

key

API key given by OPSWAT when OPSWAT hosted server is used.

7. Now that the configuration and command line parameters are set. Create a *.bat file with the command that was just created.

images/download/attachments/39335851/scan-bat.png

8. Create a task using the Windows Task Scheduler to run the batch file on a schedule

images/download/attachments/39335851/new-task.png

images/download/attachments/39335851/new-task-2.png

This article pertains to MetaDefender Client 3.0.7 or older
This article was last updated on 2018-03-28.
EF