What URLs must be whitelisted to allow access to virus definition updates?
To download incremental/full updates for engine definitions, you must allow MetaDefender Core to communicate with the servers listed below. Depending on the scan engines you are using, you may include a subset of the servers.
The following table describes the servers which MetaDefender Core connects to for each corresponding scan engine. Some scan engines have two URLs because MetaDefender Core initially connects to metascan.dl.opswat.com and then redirects to its final destination.
If your firewall or router blocks HTTP redirection (302 status code), you must consult with your administrator to handle this configuration properly.
Note: Server URLs and IPs are subject to change without notification.
Note: Avira version 26150 must use https://metascan.dl.opswat.com/avira2
Avira version 30011 must use https://metascan.dl.opswat.com/avira 3
|
Engine |
URL |
PORT |
|
Clamwin |
database.clamav.net |
:80 |
|
ESET |
*.dl.opswat.com |
:80 |
|
Avira |
https://*.dl.opswat.com/avira |
:443 |
|
https://*.dl.opswat.com/avira2 |
:443 |
|
|
https://*.dl.opswat.com/avira3 |
:443 |
|
|
AhnLab |
*.ahnlab.com |
:80 |
|
ahnlab.nefficient.co.kr |
:80 |
|
|
Total Defense |
consumerdownload*.totaldefense.com |
:80 |
|
Quickheal |
*.dl.opswat.com/quickheal1400 |
:80 |
|
BitDefender |
upgrade.bitdefender.com/av32bit |
:80 |
|
|
opswat-*.cdn.bitdefender.net/av32bit |
:80 |
|
|
:443 |
|
|
AVG |
https://*.dl.opswat.com/avg2 |
:443 |
|
K7 |
updates.k7computing.com |
:80 |
|
Inca/Nprotect |
https://*.dl.opswat.com/nprotect |
:443 |
|
Zillya! |
updateserver.zillya.com |
:80 |
|
|
down.updateserver2.zillya.com |
:80 |
|
Virusblokada |
https://*.dl.opswat.com/virusblokada |
:443 |
|
Emsisoft |
update.emisisoft.com |
:80 |
|
dl.emsisoft.com |
:80 |
|
|
Frisk/F-Prot |
directupdates.f-prot.net |
:80 |
|
fprot*.ctmail.com |
:80 |
|
|
Kaspersky |
*.dl.opswat.com/kaspersky |
:80 |
|
McAfee |
update.nai.com |
:80 |
|
download.nai.com |
:80 |
|
|
Symantec |
liveupdate.symantec.com |
:80 |
|
F-Secure |
fsbwserver.f-secure.com |
:80 |
|
Lavasoft |
definitionsbd.lavasoft.com |
:80 |
|
downloadnada.lavasoft.com |
:80 |
|
|
Microsoft Security Essentials |
v4.windowsupdate.microsoft.com |
:80 |
|
Nano |
updates.nanoav.ru |
:80 |
|
*.dl.opswat.com/nano (EE) |
:80 |
|
|
Trend Micro |
*.dl.opswat.com |
:80 |
|
TM Housecall |
*.dl.opswat.com |
:80 |
|
Netgate |
www.ngt.sk/update/* |
:80 |
|
Ikarus |
mirror03.ikarus.at/updates/ |
:80 |
|
mirror01.ikarus.at/updates/ |
:80 |
|
|
Systweak |
updates3.systweak.com |
:80 |
|
updates4.systweak.com |
:80 |
|
|
Fileseclab |
fdrfilup.filseclab.com |
:80 |
|
filup21.dot5hosting.com |
:80 |
|
|
filup01.filseclab.com |
:80 |
|
|
filup03.filseclab.com |
:80 |
|
|
filup04.filseclab.com |
:80 |
|
|
filup05.filseclab.com |
:80 |
|
|
update3.filseclab.com |
:80 |
|
|
Stopzilla |
download.stopzilla.com |
:80 |
|
TGSoft/Vir.IT. |
*.virit.net |
:80 |
|
Sophos |
*.dl.opswat.com |
:80 |
|
Xvirus Personal Guard |
*.dl.opswat.com |
:80 |
|
Cyren |
*.dl.opswat.com |
:80 |
IP addresses are not included in the table above because they cannot be guaranteed to remain constant. For example, MetaDefender Core connects to Rackspace CDN which has different hosting servers depending on your location. You must check the IPs of those URLs (*.rackcdn.com). To check the IPs for those URLS, you can use the the nslookup command from the Command Prompt.
Note: You may also need to grant access to the following URLs to allow the software to update itself:
e.g., nslookup c1515002.r2.cf0.rackcdn.com
Antivirus vendors use similar hosting services and therefore the firewall rules should rely on the URLs presented above.
This article pertains to MetaDefender Core v3
This article was last updated on 2019-12-19
CN