2.4.3. Archive Handling

The Archive Handling configuration determines how archives are handled within Metadefender Core. If archive handling is enabled, Metadefender Core extracts archives and scans the individual files within the archive.

  • Most common archive formats are supported, including Zip, 7z, Jar, rar, rar5, tar, ISO, Gzip, CAB, ARJ, LZH, RPM, DEB, LZMA, WIM, SFX, XZ. Metadefender Core can also extract self-extracting archives created by both 7zip and WinRAR.

  • MS Office files (from 2007) are treated as archive files by default when scanning. This can be disabled in the Workflow editor in the Archive section. See screenshot below:
    images/download/attachments/28652928/image2016-12-1_15_33_27.png

The following settings apply if archive handling is enabled:

Each setting is listed with its description, default value, CLI config parameter, and any additional info.

  • Enable Archive Handling
      Description: Enables Metadefender Core’s archive library handling.
      Default value: Enabled
      CLI config: le=<0|1>

  • Max Recursion Level
      Description: The maximum depth to which Metadefender Core will continue to extract archives for scanning. After this depth is reached, Metadefender Core does not extract further archives but scans those archives as entire files.
      Default value: 5
      CLI config: rl=<levels>
      Additional info: Maximum value: 2147483646

  • Number of Files
      Description: The maximum number of files that can be in an archive that Metadefender Core is extracting. If the number of files in an archive exceeds this value, Metadefender Core returns the result as a potential threat.
      Default value: 50
      CLI config: an=<number>
      Additional info: Maximum value: 2147483646

  • Total Size
      Description: The maximum total size of files that can be in an archive that Metadefender Core is extracting. If the total size of files in an archive exceeds this value, Metadefender Core returns the result as a potential threat.
      Default value: 2 GB
      CLI config: as=<size in MB>
      Additional info: Maximum value: half the current available free space of the Metadefender Core temporary directory. If two temporary directories are set from different drives, the highest available space will be used.

  • Simultaneous
      Description: Specifies whether multiple archive files are extracted concurrently. This speeds up archive extraction, but disk space usage in the temporary directory and disk I/O also increase, which may reduce overall performance. Enable it only if disk I/O capacity is high and there is enough disk space to handle temporary files.
      Default value: Disabled
      CLI config: ec=<0|1>

  • Self-Extracting
      Description: Specifies whether self-extracting archives should be extracted and treated as archives.
      Default value: Disabled
      CLI config: sx=<0|1>

  • Scan Original Un-extracted File
      Description: In addition to scanning files inside an archive after extraction, un-extracted archives are sent directly to engines for scanning. Note: If “extract_archive” is enabled for an engine, this can add performance overhead because extraction happens twice, once by Metadefender Core and once by the engine.
      Default value: Disabled
      CLI config: soa=<0|1>

  • Microsoft Office Documents
      Description: Specifies whether Microsoft Office files are treated as archive files or as regular files.
      Default value: Enabled
      CLI config: eod=<0|1>

Note: Microsoft Office Documents (e.g., DOCX files) are detected as archive files by default. If you would like to scan the Office file itself, OPSWAT recommends that you either enable the option to scan the original un-extracted archive or disable the option to detect these files as archives. Please note that you WILL NOT get extracted file details if the option to treat Office documents as archives is disabled.
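
The limit semantics described above (recursion level, number of files, total size) can be sketched as a local pre-check for ZIP files. This is an added example, not Metadefender Core code. It assumes the top-level archive is level 1, that counts accumulate across nested archives, and that a nested archive itself counts as one file.

```python
import io
import zipfile

# Defaults from the settings above (rl, an, as). All names are this example's own.
MAX_LEVEL, MAX_FILES, MAX_TOTAL = 5, 50, 2 * 1024**3
ZIP_MAGIC = b"PK\x03\x04"


def make_zip(entries):
    """Build constructed sample ZIP bytes from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


def precheck(data, max_level=MAX_LEVEL, max_files=MAX_FILES, max_total=MAX_TOTAL):
    """Return (verdict, files_seen, declared_bytes, unopened_archives)."""
    seen = {"files": 0, "bytes": 0, "unopened": 0}

    def walk(blob, level):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                seen["files"] += 1
                seen["bytes"] += info.file_size  # size declared in the header
                if seen["files"] > max_files or seen["bytes"] > max_total:
                    return False  # over a limit: stop before reading more
                with zf.open(info) as fh:
                    if fh.read(4) != ZIP_MAGIC:
                        continue  # ordinary file, nothing to descend into
                    if level >= max_level:
                        seen["unopened"] += 1  # too deep: left as one whole file
                        continue
                    nested = ZIP_MAGIC + fh.read()
                if not walk(nested, level + 1):
                    return False
        return True

    verdict = "within limits" if walk(data, 1) else "potential threat"
    return verdict, seen["files"], seen["bytes"], seen["unopened"]


if __name__ == "__main__":
    # Constructed sample: 51 one-byte files, one more than the default limit.
    print(precheck(make_zip({f"f{i}.txt": b"x" for i in range(51)})))
```

An archive that exceeds the file or size limit is reported as a potential threat, while a nested archive below the recursion limit is only counted and left unopened.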