What URLs must be whitelisted to allow access to virus definition updates?

To download incremental/full updates for engine definitions, you must allow MetaDefender Core to communicate with the servers listed below. Depending on the scan engines you are using, you may include a subset of the servers.

The following table describes the servers which MetaDefender Core connects to for each corresponding scan engine. Some scan engines have two URLs because MetaDefender Core initially connects to metascan.dl.opswat.com and then redirects to its final destination.

If your firewall or router blocks HTTP redirection (302 status code), you must consult with your administrator to handle this configuration properly.

Note: Server URLs and IPs are subject to change without notification.

Note: Avira version 26150 must use https://metascan.dl.opswat.com/avira2

Avira version 30011 must use https://metascan.dl.opswat.com/avira 3

Engine

URL

PORT

Clamwin

database.clamav.net

:80

ESET

*.dl.opswat.com

:80

Avira

https://*.dl.opswat.com/avira

:443

https://*.dl.opswat.com/avira2

:443

https://*.dl.opswat.com/avira3

:443

AhnLab

*.ahnlab.com

:80

ahnlab.nefficient.co.kr

:80

Total Defense

consumerdownload*.totaldefense.com

:80

Quickheal

*.dl.opswat.com/quickheal1400

:80

BitDefender

upgrade.bitdefender.com/av32bit

:80

 

opswat-*.cdn.bitdefender.net/av32bit

:80

 

https://metascan.dl.opswat.com/bitdefender

:443

AVG

https://*.dl.opswat.com/avg2

:443

K7

updates.k7computing.com

:80

Inca/Nprotect

https://*.dl.opswat.com/nprotect

:443

Zillya!

updateserver.zillya.com

:80

 

down.updateserver2.zillya.com

:80

Virusblokada

https://*.dl.opswat.com/virusblokada

:443

Emsisoft

update.emisisoft.com

:80

dl.emsisoft.com

:80

Frisk/F-Prot

directupdates.f-prot.net

:80

fprot*.ctmail.com

:80

Kaspersky

*.dl.opswat.com/kaspersky

:80

McAfee

update.nai.com

:80

download.nai.com

:80

Symantec

liveupdate.symantec.com

:80

F-Secure

fsbwserver.f-secure.com

:80

Lavasoft

definitionsbd.lavasoft.com

:80

downloadnada.lavasoft.com

:80

Microsoft Security Essentials

v4.windowsupdate.microsoft.com

:80

Nano

updates.nanoav.ru

:80

*.dl.opswat.com/nano (EE)

:80

Trend Micro

*.dl.opswat.com

:80

TM Housecall

*.dl.opswat.com

:80

Netgate

www.ngt.sk/update/*

:80

Ikarus

mirror03.ikarus.at/updates/

:80

mirror01.ikarus.at/updates/

:80

Systweak

updates3.systweak.com

:80

updates4.systweak.com

:80

Fileseclab

fdrfilup.filseclab.com

:80

filup21.dot5hosting.com

:80

filup01.filseclab.com

:80

filup03.filseclab.com

:80

filup04.filseclab.com

:80

filup05.filseclab.com

:80

update3.filseclab.com

:80

Stopzilla

download.stopzilla.com

:80

TGSoft/Vir.IT.

*.virit.net

:80

Sophos

*.dl.opswat.com

:80

Xvirus Personal Guard

*.dl.opswat.com

:80

Cyren

*.dl.opswat.com

:80

IP addresses are not included in the table above because they cannot be guaranteed to remain constant. For example, MetaDefender Core connects to Rackspace CDN which has different hosting servers depending on your location. You must check the IPs of those URLs (*.rackcdn.com). To check the IPs for those URLS, you can use the the nslookup command from the Command Prompt.

Note: You may also need to grant access to the following URLs to allow the software to update itself:

e.g., nslookup c1515002.r2.cf0.rackcdn.com

Antivirus vendors use similar hosting services and therefore the firewall rules should rely on the URLs presented above.

This article pertains to MetaDefender Core v3
This article was last updated on 2019-12-19
CN