10. Release notes

Version v4.13.2

Release date: 21 Nov, 2018

New features:

  • Tiles on Dashboard are linked to the corresponding pages

  • More options to filter Processing History (Post Actions and CDR)

Fixed issues:

  • In case of an engine hangs, the communication channel is blocked between the Node and the Core, so more engines can time out

  • Clean-up mechanism removes files still in use

  • Various engine handling issues

Version v4.13.1

Release date: 31 Oct, 2018

Fixed issues:

  • Yara and DLP tasks are not stopped on cancelling a processing

  • Batch processings cannot be cancelled via web management console

  • "Can't process shared resource file" error message did not contain the file name

Version v4.13.0

Release date: 16 Oct, 2018


  • Yara engine integration

New features:

  • Processing history entries can be colorized

  • Files can be marked as suspicious if less than a given number of engine mark it as infected

  • Processings can be cancelled via web management console

  • Default rules are added for MetaDefender Email Security

  • Bulk operations in quarantine

Fixed issues:

  • Extracted files are left behind

  • On Debian based systems, on upgrades, engines are deleted and disabled engines are re-enabled

Version v4.12.2

Release date: 3 Oct, 2018

Fixed issues:

  • In case of archive processing, sometimes clean-up mechanism removes some extracted files before processing is finished

Version v4.12.1

Release date: 26 Sept, 2018

New features:

  • Files can be whitelisted/blacklisted by their checksums

  • More specific log entries for CDR

Fixed issues:

  • Details of scan result for nested archives (for the file itself not for the content) is not propagated to the top level

  • The value, set in "MAX TOTAL SIZE OF EXTRACTED FILES" is handled incorrectly

  • Older configs cannot be imported into v4.12.0

Version v4.12.0

Release date: 15 Sept, 2018


  • Data Loss Prevention functionality

New features:

  • Possibility to set the number of engines that required to start file processings (per workflow)

  • Possibility to exclude engines from processings (per workflow)

  • Improved user interface performance

  • Possibility to blacklist/whitelist files by file types besides file type groups

  • Re-designed workflow tab list appearance

  • Possibility to set timeout for sessions regardless of user activity

Fixed issues:

  • On Node details page, every issue appears multiple times

  • Despite not detecting any vulnerabilities, the vulnerability tab appears

  • On hash lookup page, empty hash can be searched

  • Sanitized output file name validation can cause user interface stalled

Version v4.11.3

Release date: 30 Aug, 2018

Fixed issues:

  • Whitelist page under Inventory menu does not exist (only UI issue)

Version v4.11.2

Release date: 29 Aug, 2018

New features:

  • The access_log Nginx directive now can be overridden

  • The parallel count parameter now can be set per engine

  • Minor changes on user interface for better user experience

Fixed issues:

  • A critical CSV injection vulnerability in the CSV export functionality (issue reported by Wojciech ReguĊ‚a, SecuRing)

  • Archives can be sanitized even in case of partial processing (e.g. exceeded archive size, exceeded archive file number)

  • In some cases, blocked results can be overwritten by an allowed result with higher priority

  • Inconsistent operation of MetaDefender Cloud integration

  • Typos on the user interface

  • Abandoned files left behind after processings

Version v4.11.1

Release date: 8 Aug, 2018

Fixed issues:

  • Unexpected Core and Node service restart in some corner cases

  • Using remote syslog server slows down the product in case of missing PTR record in DNS

  • Empty files are skipped in archives

  • Incomplete archive extraction issue happened on heavily overloaded systems

Version v4.11.0

Release date: 11 July, 2018

New Features:

  • Exceptions (by mime-type) from whitelist/blacklist

  • New engine page called Technologies

  • Support for user-friendly engine configuration (depends on the engine version)

  • Welcome wizard

Fixed issues:

  • Slow clean-up mechanism

  • Abandoned files after uninstall in Windows

  • Temporary files are left behind after processings

  • Wrong sanitized output file name in some cases

  • Default workflows can be overridden on config import

  • Core crashes

Version v4.10.2

Release Date: 27 June, 2018

Fixed issues:

  • Uninstall not properly cleans the system

  • The "whitelisted" and "blacklisted" results are overriden by "infected" result

  • Node crashes

  • Inconsistent results in case of archive processing: In case of processing an archive more times, the result may be different by cases (infected/exceeded archive file number/exceeded archive size)

Version v4.10.1

Release Date: 23 May, 2018

New features:

  • Data Sanitization engine time-out and retry count is now configurable

  • REST API: process info contains the name of the last scanned file when scanning archive file types

  • REST API: Configurations that may change the final scan result since the time of processing will be included in the process info response (i.e., outdated definitions)

  • Hash based result lookups can be filtered by rule name

Fixed issues:

  • Sanitized DB integrity issue

  • On the dashboard, category names of doughnut charts were truncated

  • In case of archive processing, the "Not scanned" result to a file is not propagated to a higher level (overall verdict)

Version v4.10.0

Release Date: 2 May, 2018


  • Added support for the LDAP directory type

  • Syslog messages can now be sent to multiple log aggregators

  • MetaDefender installers no longer use eicar test files

New features:

  • AD and LDAP directories can now be configured with multiple servers

  • Sanitization failures are marked with a badge in the scan session summary

  • Admin’s will be notified if a third party solution is blocking MetaDefender from working as expected

  • Users can now be granted API keys manually

  • Paginated archive results

  • HTTPS can now be enabled from web management console

Fixed issues:

  • Improved license status info

  • In some cases, sanitized files had faulty names

  • Suspicious scan results were not always at the top of the list in archive file types

  • Inappropriate handling of user rights in the Whitelist page

  • AD group members did not have user profiles

  • Misleading license information

Version 4.9.1

Release Date: 28 February, 2018

New features:

  • New-looking user interface

  • Workflows based on the default one (not edited by workflow editor) will be kept and upgraded on version upgrade in the future

  • It is allowed blacklisted/whitelisted files to be processed

Fixed issues:

  • Security zone: IP address validation

  • Cancelled batches are displayed as in-progress

  • Removing certificates from the inventory caused policies to disappear

  • Memory leak in Node

  • Access via Active Directory is not logged

  • Sluggish pages under Policy menu

Version 4.9.0

Release Date: 13 December, 2017

New features:

  • IPv6 support

  • Global whitelist by hash

  • Whitelist by file type group

  • Display more security related information on dashboard

  • Changed default port for external nodes to 8007

  • New default security rule for Metadefender Secure File Transfer (SFT)

  • Performance tuning of processing history

  • Improved resource handling on Node

  • On Linux, multiple nginx worker processes for better scaling

Fixed issues:

  • Upgrades overwrite existing configuration (IP, port, etc.)

  • Resource folder clean up after data sanitization

  • Update timing settings affect manual updates

  • Poorly handled invalid update files

  • Poorly handled UTF-8 characters in output file name for sanitized files

  • /hash API can give "in progress" result

Version 4.8.2

Fixed issues:

  • Fixed a memory leak caused by failed update download

  • Fixed a possible crash issue at Scan history manual cleanup in case of high load

  • Fixed a memory leak in case of recurrring failed database deployment on Node

Version 4.8.1

Release Date: 5 October, 2017

New features:

  • Improved engine/database update distribution to nodes

  • Improved archive extraction limit handling

  • Improved engine monitoring

  • More precise time duration measurement for requests

  • API for canceling scans (file/batch scans)

  • Option to disable archive extraction of office documents

  • For batch scans, certificate validity interval can be set

  • Improved scan result badge

Fixed issues:

  • Fixed issue of scans stuck in "in progress" state

  • Fixed possible product crash during archive scanning

  • Fixed update bug where incorrect packages left behind

  • Fixed failed quarantine handling

  • Fixed handling unavailable engine during scans

  • Scan result JSON now contains file name in UTF-8 format

  • Limited number of parallel Post Action and External Scanner scripts

  • Archive handling parameters now have upper bound

  • Improved archive handling

  • Archive related failure handling

Version 4.8.0

New features:

  • Quarantine for blocked files

  • Scanning files in batch (REST API)

  • Certificate and key handling for scan batch signing

  • Configurable sanitized file name

  • Post action commands gets the result JSON with final verdict included

  • Increased scan history export interval

  • Improved archive bomb handling

  • Added eng_id to scan_results.scan_details (REST API)

  • Showing in-progress files in "extracted files" list of archives

  • Added "scan_all_result_a" into "extracted_files" (REST API)

Fixed issues:

  • Fixed case insensitive username comparison in Active Directory integration

  • Process workflow revamped (post actions run every time)

  • Fixed non-updated policy user interface after added new user roles

  • Fixed handling of database upgrade errors in linux package installers

  • Fixed error handling when scan target was sent in the body and via filepath (/file REST API)

  • Fixed disconnected ghost node issue displayed on user interface

Version 4.7.2

Issues fixed:

  • Fixed bug that could cause policies to not contain any elements and forbid user to create new items

  • Fixed bug where Core could download older version of engines where newer one was already downloaded

Version 4.7.1

Issues fixed:

  • Fixed upgrade of scan configuration

  • Fixed ghost nodes appeared on Inventory→ Nodes page

Version 4.7.0

New features:

  • Active Directory integration

  • Custom post actions

  • Redesigned user interface

  • External (customer developed) scanner integrations

  • Policies export/import

  • Archive sanitization

  • Individual log message level override

  • Aggregated archive scan result in Scan History

  • Self-lockout protection, admins can not delete themselves

  • gzip and base64 encoding now supported on /file REST API

  • Able to navigate through archive hierarchy

  • Timezone changed to local in log messages

  • Metadefender Cloud integration hostname changed to api.metadefender.com

Issues fixed:

  • Fixed scanning of .lnk files on Windows

  • Fixed blacklisting of Unicode filenames

  • Automatically downloads packages again if the previous download failed

  • Fixed order of extracted files on scan details view

  • Fixed rare temporary file leak during archive scan

Version 4.6.3

Issues fixed:

  • Improved scan result fetching performance for big archives

Version 4.6.2

Issues fixed:

  • Improved archive extraction performance

  • Fixed a race condition in /file/<data id> REST API that could provide access error in some cases

  • Fixed advanced engine config reload for Data sanitization engine

  • Fixed login issue which happened when many login request was initiated concurrently

  • Fixed calculation of extracted file count

Version 4.6.1

New features:

  • List of path for local filescan can be blacklist / whitelist with specific error message on REST

Issues fixed:

  • Invalid external Node listenting IP/port config stops product startup

  • Connection to remote syslog is reactivated on network error

  • If user has no right to use a rule, following rules in order will still be checked

  • sending HEAD request where GET should have been sent will not lead to product crash

  • Ensure resource file deletion on Microsoft Windows when a scan engine locks file further than expected

  • Scan history CSV export uses comma as separator

  • Fixed potential Node service crash when stopping during scanning

  • More specific error message when uploaded file size limit exceeded

  • Fixed a rare race condition in update downloader component

  • Fixed login issue when Core v3 like URL is used by the admin (/management)

Version 4.6.0

New features:

  • Multiple user roles introduced with different access rights

  • Scan Agent has been renamed to Scan Node

  • Role (user group) based rule availability configuration

  • Role based scan result visibility with different level of details exposed

  • Ability to export part of scan history into STIX/Cybox format

  • Ability to export part of scan history into CSV format

  • Filter on rule and source added into Scan history

  • Configurable lockout feature against brute force login attack

  • Official support introduced for Ubuntu 16.04

  • Detection threshold (suppress threat detection if less then X engines detected a threat)

  • Custom engine configuration via user interface

  • Free text search functionality in user guide

  • Suspend engine testing/deployment to Node when 3rd party security software blocks access to malware files

  • Successful login / unsuccessful login / lockout events are logged

  • Option to send engine issue count info during update

  • [REST API] /file/{data_id} response for scan results now contain process info block for extracted files

  • Initiating local scan is faster as no wait for hashing is required

Issues fixed:

  • [REST API] /file/{data_id} blocked reason change to mirror V3 API

  • Fixed handling of archive extraction depth

  • More flexible and stable internal database upgrade when upgrading product

  • Custom engine update timeout increased to one hour to deal with slow engine updates

  • Archive engine fixes (non-ASCII filenames in archive)

  • Engine handling fixes, improved handling of engine deinitialization

  • More precise engine cleanup when removing engines

  • Fixed bug where random connections were rejected every 2 min

  • Fixed bug regarding updates handling (conflicting names)

  • Filesize is now correctly displayed on scan result user interface

  • Support package generator now includes auditlog db

Version 4.5.1

Issues fixed:

  • Fixed possible crash of Agent when there is database which is handled by engine

  • Fixed possible crash of Core that could occur when updating a package

Version 4.5.0

New features:

  • Data Sanitization of files to protect against unknown threats

  • Filetype mismatch detection

  • Improved user interface responsiveness for small screens

  • Real filetype based blacklist option in rules/workflows

  • Improved licensing for offline deployments

  • Added product specific proxy settings in the Linux version

  • Advanced configuration for allowed/blocked file scan result types

Issues fixed:

  • Fixed local scan option user interface for new rules

  • Fixed Scan History auto cleanup collision with manual cleanup

  • Potential issue fixed for update file upload

  • /apiversion interface is added to easily determine REST API compatibility level

Version 4.4.1

New features:

  • Added several features/improvement for better Metadefender Kiosk integration

  • Full audit log about any configuration changes via Web user interface or REST API

  • Able to disable applying update in user configurable time periods

  • Core can act as an update source for OESIS product line

  • Detect if the analyzed binary is a part of any vulnerability detection

  • Improved scan engine status monitoring and auto recovery

  • Custom directory can be set for storing temporary files

  • Able to set up apikey for every user for easier REST API integration

  • Improved hardware detection in license component

Issues fixed:

  • Fixed message content format in Windows Event log

  • Fixed system wide proxy usage on Windows

  • Improved browser cache handling in case of product upgrades

  • Fixed a path specification issue in local file scanning feature on Windows

  • Fixed engine counting on Agent details page (do not count utility type engines)

  • Fixed lost agent connection handling

  • Fixed handling of unsupported Transfer-Encoding on REST API

  • Patched internal nginx web server to fix CVE-2016-4450

  • Fixed archive timeout handling and user interface

  • Fixed scan results in case of archive related findings

  • Improved logging of proxy usage

  • Improved handling of slow file uploads

  • Detailed logging in case of SSL connection issues

  • Improved auto-recovery of engines running under Emulated Windows

Version 4.3.0

New features:

  • Introduced official support for Microsoft Windows 7 or newer and Microsoft Windows Server 2008 R2 or newer

  • Added offline update picker feature to make it easy to apply offline updates without user interaction or scripting

  • Able to scan local files stored on server without transferring the content via REST API

  • Added hardware related info into generated support package

  • Created a framework in Linux version to be able to run Windows scan engines on Linux server

  • Option added to log to a remote syslog server

  • Inventory / Scan Agents page extended with more detailed agent information

  • Parameter workflow renamed to rule in some REST APIs

  • Improved system issue notification on Web Management Console

  • Added detection of 3rd party anti-malware products that break operation of Metadefender Core

  • Improved scan performance of various engine integrations

Issues fixed:

  • Improved documentation of multiple REST APIs

  • Fixed failed scans during some engine or database update

  • Removed unmeaningful database age display of non-anti-malware engines

Version 4.2.0

New features:

  • product name has changed to Metadefender Core

  • able to use scan results from metadefender.com

  • workflow options can be configured from Web Management Console

  • workflow options can be overridden from rule editor window

  • support for system wide HTTPS proxy

  • it is possible to configure maximum file size of scanned files

  • filtering security rule by user agent is now possible

  • eliminate limitations on the size of scanned files

  • improved scan related log messages

  • deployment can now be deactivated on the License page

  • automatic deployment reactivation of online installations if license becomes invalid

  • Metascan v3 URLs (/management and /metascan_rest) are now redirected to the proper v4 URLs

  • check disk space before/during scan requests

Issues fixed:

  • fixed encrypted communication error with activation server on Ubuntu 12.04

  • fixed temporary folder cleanup

  • fixed support data collector scripts

  • do not download database without the corresponding engine package

  • number of engines and maximum file size is now reflect the current status

Version 4.1.0

New features:

  • https support for REST API and for Web Management Console

  • update history to track every database/engine change

  • new option to globally disable or enable specific scan engine

  • reworked result page for archive files

  • user guide is available within the product

  • no scan downtime while updating engine/database (if engine supports)

Issues fixed:

  • more descriptive communication error messages instead of error codes in logs

  • proper handling of update download issues

  • fixed handling of scan engine crashes

  • fixed manual update package upload

  • fixed unwanted warning message after successful activation

Version 4.0.1

New features:

  • new script to help log collection for support

  • inform the user if browser is not HTML5 compatible

  • show a spinner if loading a page takes too much time

  • support lower screen resolution for web interface

  • support for non-ascii character filenames in archives

Issues fixed:

  • fix stability issue in update downloader

  • optimize database queries

  • do not check for updates at product startup if auto update is off

  • fixed a page auto refresh issue with Internet Explorer

Version 4.0.0

New features:

  • Able to to monitor Metascan v4 for Linux instances

  • Able to to monitor Metascan v3 for Windows instances

  • Collect Files scanned and Infections found stats from managed instances

  • Deploy scan engine database updates to Metascan v3 for Windows instances

  • Deploy scan engine and scan engine database updates to Metascan v4 for Linux instances