11.1 Archived release notes

Version v4.16.3

Release Date: 16 Oct, 2019

New features:

  • Support new header (metadata) for file submission API

  • Enhance MetaDefender Core service starting procedure

  • Enhance engine update procedure

  • Remove restriction on Core version retrieval REST API

Fixed:

  • MetaDefender Core service on Linux could not be started when running in FIPS mode

  • MetaDefender Core service could be unexpectedly restarted when engines repeatedly crashed

  • Uninstalling MetaDefender Core did not terminate its processes properly (nginx)

  • Password protected document could not be decrypted properly for data sanitization

  • Uninstalling MetaDefender Core did not clean up its leftover data folder

Version v4.16.2

Release Date: 10 Sep, 2019

New features:

  • Restrict APIs based on user roles (configurable)

  • Support displaying and filtering username on processing history UI

  • Enhance logging with Yara matched rules appended

  • Upgraded nginx web server component to latest version 1.16.0

  • Add new scan result - Unsupported file type

  • Refined JSON output when users want to quarantine items which are already in quarantined folder

  • Updated UI (minors)

Fixed:

  • In-progress files could be deleted mistakenly, causing failures when scanning

  • Engines repeatedly disable and re-enable

  • File processing could be stuck until archive timeout value reached

  • Non UTF-8 characters were not displayed correctly when exporting process history via UI

  • Dependency installation issue on Ubuntu 18 & Debian 9

Version v4.16.1

Release Date: 12 Aug, 2019

New features:

  • Support for pinning and unpinning engines and their databases on the UI to prevent auto updates from being applied

  • Gently handled timeout on Archive and Deep CDR engines

  • New logging mode for archive processing troubleshooting

  • Enhanced logic for non-archive file processing

  • Limited number of characters on some applicable text fields on the UI

  • Enhanced security against the unquoted service exploit

Fixed:

  • Node crash issue when under high load

  • Issue with resource manager with in-use temp files

  • Memory leaking issue on archive engine process

  • Memory leaking issue on Node process

  • Batch handling issue causing failure on batch

  • Stuck scan issue at 5% when parallelcount_7z_extract is set with definitive number

  • Detection issue on Proactive DLP engine with regex rule applied

  • UI issue where Yara result is not displayed

  • UI visibility issue on Internet Explorer (IE) web browser

  • Some other minor UI issues

  • Wrong timezone set on exported CSV scan report

Version v4.16.0

Release Date: 08 July, 2019

New features:

  • Proactive DLP engine (ver 2.0) integration

  • Password policy enforcement

  • Support archive partial sanitization for Vault and Email integration

  • New REST API for local update server source

  • Better handle archive sanitization timeout

  • Support configurable settings for archive extraction and compression parallel count

  • Enhance syslog message format

  • Retouch UI

  • Better logging with timeout on engines

  • Enhance logic to apply engine definition files

Fixed:

  • Wrong outcome when archive engine process unexpectedly stopped

  • Wrong UI result on sanitization timeout

  • Memory leak issue on engine package uploading

Version v4.15.2

Release Date: 19 June, 2019

Fixed:

  • Stability issue

    • Potential deadlock issue on batch scan handling prevents querying batch information

  • Usability issue

    • Enhanced error log messages when the engine process is terminated due to engine timeout

    • Exposed log messages on warning level when there is an archive extraction failure

Version v4.15.1

Release Date: 06 June, 2019

New features:

  • Partial sanitization use-case for archive file types

  • Clarified error messages for terminated engine processes

  • New REST API for cleaning up idle batch scans

  • UI improvement

  • License EULA update

Fixed:

  • Stability issue

    • Potential memory handling issue that could cause the node service to crash

    • Empty and read-only files are no longer extracted

  • Usability issue

    • Not able to remove abandoned temp. files of archive files when they are empty and read-only

  • Security issue

    • AD user credential is not masked properly on the audit log while sending over to AD server for authentication

  • Scanning batch REST API issues

  • Engine custom configuration

  • UI issues

    • Dashboard refresh button sometimes did not work as expected

    • List of processing records didn't show when changing "number records per page" while not staying at first page

    • Not user-friendly error messages when adding duplicate hashes to a blacklist

    • Typos on the UI

Version v4.15.0

Release Date: 06 May, 2019

New features:

  • Data Sanitization details displayed on Core management console

  • User password recovery and reset enforcement

  • API rate limiting

  • Support Windows Server 2019 (support is still in beta)

  • Suspicious results returned by engines are now configurable to be handled as a different circumstance (infected, ignore)

  • Improve usability

    • Return zero for definition dates on non-AV engines' database

    • "Select all" option added to the Data Sanitization page

  • Improve handling on node

    • Improve cleanup mechanism on nodes to avoid deleting files in use

    • Improve validation process when starting the node service, support to try creating temp. folder with a configurable timeout

Fixed:

  • Fixed stabilization issues that possibly caused Node services to crash

  • Scan batch API closing issues

    • No longer returns total time of -1 in response

    • Should not randomly fail due to "400 - One or more scan is still in progress" even when all linked scans already finished

  • Upgrading Core when installed in a non-default installation path prevented users from choosing another folder path by mistake

  • UI issues

    • The "Process File" button no longer disappears in case of sanitization failed

    • Max recursive level under archive handling tab must equal 1 or greater

    • Non-Unicode file names displayed on web scan UI are encoded properly

  • Sanitizing empty archive file no longer returns failed

Version v4.14.3

Release Date: 01 Apr, 2019

New features:

  • Support built-in integration with OPSWAT Central

  • New setting for archive sanitization timeout

  • Add process time field into CSV exported history report

  • Effectively wipe out necessary data from support package

  • Revamp Inventory UI page with "Utilities" group

  • More relevant REST error message for scan requests where the file does not exist or is inaccessible

  • Syslog message for scan-finish event more comprehensive

  • Consolidated scan info for archive scan result fetching

  • Add libcurl4 as alternative dependency to libcurl3 for better support on Ubuntu 18.04

  • Outputs and indicators for Threat Intelligence feature on Quarantine UI page more relevant and informative

Fixed:

  • Node becomes unstable under high load processing

  • Closing batch with ongoing scans could result in failed verdict on batch

  • Inconsistent behavior with password protected document

  • Temporary files are not cleaned up when cancelling an ongoing scan

  • Inconsistent returned error message between batch and file scanning via REST

  • DLP verdict returns incorrect value for some cases

  • Logs in support package did not handle non-Unicode characters

Version v4.14.2

Release Date: 28 Feb, 2019

New features:

  • New result page, new look and more informative badge

Fixed:

  • Engine configurations could not be saved

  • Make error message more relevant for the case where a file exceeded the size limit

  • Pinning engines and their databases independently

Version v4.14.1

Release Date: 31 Jan, 2019

Fixed:

  • Missing "pinned" option from "/stat/packages" JSON response

  • Inconsistent "progress_percentage" and "result" values

  • Hash validation (blacklist/whitelist)

  • Upload performance

Version v4.14.0

Release date: 19 Dec, 2018

New features:

Version v4.13.2

Release date: 21 Nov, 2018

New features:

  • Tiles on Dashboard are linked to the corresponding pages

  • More options to filter Processing History (Post Actions and CDR)

Fixed issues:

  • In case an engine hangs, the communication channel is blocked between the Node and the Core, so more engines can time out

  • Clean-up mechanism removes files still in use

  • Various engine handling issues

Version v4.13.1

Release date: 31 Oct, 2018

Fixed issues:

  • Yara and DLP tasks are not stopped on cancelling a processing

  • Batch processings cannot be cancelled via web management console

  • "Can't process shared resource file" error message did not contain the file name

Version v4.13.0

Release date: 16 Oct, 2018

Important:

  • Yara engine integration

New features:

  • Processing history entries can be colorized

  • Files can be marked as suspicious if fewer than a given number of engines mark it as infected

  • Processings can be cancelled via web management console

  • Default rules are added for MetaDefender Email Security

  • Bulk operations in quarantine

Fixed issues:

  • Extracted files are left behind

  • On Debian based systems, on upgrades, engines are deleted and disabled engines are re-enabled

Version v4.12.2

Release date: 3 Oct, 2018

Fixed issues:

  • In case of archive processing, sometimes clean-up mechanism removes some extracted files before processing is finished

Version v4.12.1

Release date: 26 Sept, 2018

New features:

  • Files can be whitelisted/blacklisted by their checksums

  • More specific log entries for CDR

Fixed issues:

  • Details of scan results for nested archives (for the file itself, not for the content) are not propagated to the top level

  • The value, set in "MAX TOTAL SIZE OF EXTRACTED FILES" is handled incorrectly

  • Older configs cannot be imported into v4.12.0

Version v4.12.0

Release date: 15 Sept, 2018

Important:

  • Data Loss Prevention functionality

New features:

  • Possibility to set the number of engines that are required to start file processings (per workflow)

  • Possibility to exclude engines from processings (per workflow)

  • Improved user interface performance

  • Possibility to blacklist/whitelist files by file types besides file type groups

  • Re-designed workflow tab list appearance

  • Possibility to set timeout for sessions regardless of user activity

Fixed issues:

  • On Node details page, every issue appears multiple times

  • Despite not detecting any vulnerabilities, the vulnerability tab appears

  • On hash lookup page, empty hash can be searched

  • Sanitized output file name validation can cause the user interface to stall

Version v4.11.3

Release date: 30 Aug, 2018

Fixed issues:

  • Whitelist page under Inventory menu does not exist (only UI issue)

Version v4.11.2

Release date: 29 Aug, 2018

New features:

  • The access_log Nginx directive now can be overridden

  • The parallel count parameter now can be set per engine

  • Minor changes on user interface for better user experience

Fixed issues:

  • A critical CSV injection vulnerability in the CSV export functionality (issue reported by Wojciech Reguła, SecuRing)

  • Archives can be sanitized even in case of partial processing (e.g. exceeded archive size, exceeded archive file number)

  • In some cases, blocked results can be overwritten by an allowed result with higher priority

  • Inconsistent operation of MetaDefender Cloud integration

  • Typos on the user interface

  • Abandoned files left behind after processings

Version v4.11.1

Release date: 8 Aug, 2018

Fixed issues:

  • Unexpected Core and Node service restart in some corner cases

  • Using remote syslog server slows down the product in case of missing PTR record in DNS

  • Empty files are skipped in archives

  • Incomplete archive extraction issue happened on heavily overloaded systems

Version v4.11.0

Release date: 11 July, 2018

New Features:

  • Exceptions (by mime-type) from whitelist/blacklist

  • New engine page called Technologies

  • Support for user-friendly engine configuration (depends on the engine version)

  • Welcome wizard

Fixed issues:

  • Slow clean-up mechanism

  • Abandoned files after uninstall in Windows

  • Temporary files are left behind after processings

  • Wrong sanitized output file name in some cases

  • Default workflows can be overridden on config import

  • Core crashes

Version v4.10.2

Release Date: 27 June, 2018

Fixed issues:

  • Uninstall does not properly clean the system

  • The "whitelisted" and "blacklisted" results are overridden by "infected" result

  • Node crashes

  • Inconsistent results in case of archive processing: when the same archive is processed multiple times, the result may differ from case to case (infected/exceeded archive file number/exceeded archive size)

Version v4.10.1

Release Date: 23 May, 2018

New features:

  • Data Sanitization engine time-out and retry count is now configurable

  • REST API: process info contains the name of the last scanned file when scanning archive file types

  • REST API: Configurations that may change the final scan result since the time of processing will be included in the process info response (i.e., outdated definitions)

  • Hash based result lookups can be filtered by rule name

Fixed issues:

  • Sanitized DB integrity issue

  • On the dashboard, category names of doughnut charts were truncated

  • In case of archive processing, the "Not scanned" result to a file is not propagated to a higher level (overall verdict)

Version v4.10.0

Release Date: 2 May, 2018

Important:

  • Added support for the LDAP directory type

  • Syslog messages can now be sent to multiple log aggregators

  • MetaDefender installers no longer use eicar test files

New features:

  • AD and LDAP directories can now be configured with multiple servers

  • Sanitization failures are marked with a badge in the scan session summary

  • Admins will be notified if a third party solution is blocking MetaDefender from working as expected

  • Users can now be granted API keys manually

  • Paginated archive results

  • HTTPS can now be enabled from web management console

Fixed issues:

  • Improved license status info

  • In some cases, sanitized files had faulty names

  • Suspicious scan results were not always at the top of the list in archive file types

  • Inappropriate handling of user rights in the Whitelist page

  • AD group members did not have user profiles

  • Misleading license information

Version 4.9.1

Release Date: 28 February, 2018

New features:

  • New-looking user interface

  • Workflows based on the default one (not edited by workflow editor) will be kept and upgraded on version upgrade in the future

  • Blacklisted/whitelisted files are allowed to be processed

Fixed issues:

  • Security zone: IP address validation

  • Cancelled batches are displayed as in-progress

  • Removing certificates from the inventory caused policies to disappear

  • Memory leak in Node

  • Access via Active Directory is not logged

  • Sluggish pages under Policy menu

Version 4.9.0

Release Date: 13 December, 2017

New features:

  • IPv6 support

  • Global whitelist by hash

  • Whitelist by file type group

  • Display more security related information on dashboard

  • Changed default port for external nodes to 8007

  • New default security rule for Metadefender Secure File Transfer (SFT)

  • Performance tuning of processing history

  • Improved resource handling on Node

  • On Linux, multiple nginx worker processes for better scaling

Fixed issues:

  • Upgrades overwrite existing configuration (IP, port, etc.)

  • Resource folder clean up after data sanitization

  • Update timing settings affect manual updates

  • Poorly handled invalid update files

  • Poorly handled UTF-8 characters in output file name for sanitized files

  • /hash API can give "in progress" result

Version 4.8.2

Fixed issues:

  • Fixed a memory leak caused by failed update download

  • Fixed a possible crash issue at Scan history manual cleanup in case of high load

  • Fixed a memory leak in case of recurring failed database deployment on Node

Version 4.8.1

Release Date: 5 October, 2017

New features:

  • Improved engine/database update distribution to nodes

  • Improved archive extraction limit handling

  • Improved engine monitoring

  • More precise time duration measurement for requests

  • API for canceling scans (file/batch scans)

  • Option to disable archive extraction of office documents

  • For batch scans, certificate validity interval can be set

  • Improved scan result badge

Fixed issues:

  • Fixed issue of scans stuck in "in progress" state

  • Fixed possible product crash during archive scanning

  • Fixed update bug where incorrect packages left behind

  • Fixed failed quarantine handling

  • Fixed handling unavailable engine during scans

  • Scan result JSON now contains file name in UTF-8 format

  • Limited number of parallel Post Action and External Scanner scripts

  • Archive handling parameters now have upper bound

  • Improved archive handling

  • Archive related failure handling

Version 4.8.0

New features:

  • Quarantine for blocked files

  • Scanning files in batch (REST API)

  • Certificate and key handling for scan batch signing

  • Configurable sanitized file name

  • Post action commands get the result JSON with final verdict included

  • Increased scan history export interval

  • Improved archive bomb handling

  • Added eng_id to scan_results.scan_details (REST API)

  • Showing in-progress files in "extracted files" list of archives

  • Added "scan_all_result_a" into "extracted_files" (REST API)

Fixed issues:

  • Fixed case insensitive username comparison in Active Directory integration

  • Process workflow revamped (post actions run every time)

  • Fixed non-updated policy user interface after added new user roles

  • Fixed handling of database upgrade errors in linux package installers

  • Fixed error handling when scan target was sent in the body and via filepath (/file REST API)

  • Fixed disconnected ghost node issue displayed on user interface

Version 4.7.2

Issues fixed:

  • Fixed bug that could cause policies to not contain any elements and forbid user to create new items

  • Fixed bug where Core could download older version of engines where newer one was already downloaded

Version 4.7.1

Issues fixed:

  • Fixed upgrade of scan configuration

  • Fixed ghost nodes appearing on Inventory → Nodes page

Version 4.7.0

New features:

  • Active Directory integration

  • Custom post actions

  • Redesigned user interface

  • External (customer developed) scanner integrations

  • Policies export/import

  • Archive sanitization

  • Individual log message level override

  • Aggregated archive scan result in Scan History

  • Self-lockout protection, admins can not delete themselves

  • gzip and base64 encoding now supported on /file REST API

  • Able to navigate through archive hierarchy

  • Timezone changed to local in log messages

  • Metadefender Cloud integration hostname changed to api.metadefender.com

Issues fixed:

  • Fixed scanning of .lnk files on Windows

  • Fixed blacklisting of Unicode filenames

  • Automatically downloads packages again if the previous download failed

  • Fixed order of extracted files on scan details view

  • Fixed rare temporary file leak during archive scan

Version 4.6.3

Issues fixed:

  • Improved scan result fetching performance for big archives

Version 4.6.2

Issues fixed:

  • Improved archive extraction performance

  • Fixed a race condition in /file/<data id> REST API that could provide access error in some cases

  • Fixed advanced engine config reload for Data sanitization engine

  • Fixed login issue which happened when many login requests were initiated concurrently

  • Fixed calculation of extracted file count

Version 4.6.1

New features:

  • List of paths for local file scan can be blacklisted / whitelisted, with a specific error message on REST

Issues fixed:

  • Invalid external Node listening IP/port config stops product startup

  • Connection to remote syslog is reactivated on network error

  • If user has no right to use a rule, following rules in order will still be checked

  • Sending a HEAD request where GET should have been sent will not lead to product crash

  • Ensure resource file deletion on Microsoft Windows when a scan engine locks file further than expected

  • Scan history CSV export uses comma as separator

  • Fixed potential Node service crash when stopping during scanning

  • More specific error message when uploaded file size limit exceeded

  • Fixed a rare race condition in update downloader component

  • Fixed login issue when Core v3 like URL is used by the admin (/management)

Version 4.6.0

New features:

  • Multiple user roles introduced with different access rights

  • Scan Agent has been renamed to Scan Node

  • Role (user group) based rule availability configuration

  • Role based scan result visibility with different level of details exposed

  • Ability to export part of scan history into STIX/Cybox format

  • Ability to export part of scan history into CSV format

  • Filter on rule and source added into Scan history

  • Configurable lockout feature against brute force login attack

  • Official support introduced for Ubuntu 16.04

  • Detection threshold (suppress threat detection if fewer than X engines detected a threat)

  • Custom engine configuration via user interface

  • Free text search functionality in user guide

  • Suspend engine testing/deployment to Node when 3rd party security software blocks access to malware files

  • Successful login / unsuccessful login / lockout events are logged

  • Option to send engine issue count info during update

  • [REST API] /file/{data_id} response for scan results now contain process info block for extracted files

  • Initiating local scan is faster as no wait for hashing is required

Issues fixed:

  • [REST API] /file/{data_id} blocked reason change to mirror V3 API

  • Fixed handling of archive extraction depth

  • More flexible and stable internal database upgrade when upgrading product

  • Custom engine update timeout increased to one hour to deal with slow engine updates

  • Archive engine fixes (non-ASCII filenames in archive)

  • Engine handling fixes, improved handling of engine deinitialization

  • More precise engine cleanup when removing engines

  • Fixed bug where random connections were rejected every 2 min

  • Fixed bug regarding updates handling (conflicting names)

  • Filesize is now correctly displayed on scan result user interface

  • Support package generator now includes auditlog db

Version 4.5.1

Issues fixed:

  • Fixed possible crash of Agent when there is a database which is handled by an engine

  • Fixed possible crash of Core that could occur when updating a package

Version 4.5.0

New features:

  • Data Sanitization of files to protect against unknown threats

  • Filetype mismatch detection

  • Improved user interface responsiveness for small screens

  • Real filetype based blacklist option in rules/workflows

  • Improved licensing for offline deployments

  • Added product specific proxy settings in the Linux version

  • Advanced configuration for allowed/blocked file scan result types

Issues fixed:

  • Fixed local scan option user interface for new rules

  • Fixed Scan History auto cleanup collision with manual cleanup

  • Potential issue fixed for update file upload

  • /apiversion interface is added to easily determine REST API compatibility level

Version 4.4.1

New features:

  • Added several features/improvement for better Metadefender Kiosk integration

  • Full audit log about any configuration changes via Web user interface or REST API

  • Able to disable applying update in user configurable time periods

  • Core can act as an update source for OESIS product line

  • Detect if the analyzed binary is a part of any vulnerability detection

  • Improved scan engine status monitoring and auto recovery

  • Custom directory can be set for storing temporary files

  • Able to set up apikey for every user for easier REST API integration

  • Improved hardware detection in license component

Issues fixed:

  • Fixed message content format in Windows Event log

  • Fixed system wide proxy usage on Windows

  • Improved browser cache handling in case of product upgrades

  • Fixed a path specification issue in local file scanning feature on Windows

  • Fixed engine counting on Agent details page (do not count utility type engines)

  • Fixed lost agent connection handling

  • Fixed handling of unsupported Transfer-Encoding on REST API

  • Patched internal nginx web server to fix CVE-2016-4450

  • Fixed archive timeout handling and user interface

  • Fixed scan results in case of archive related findings

  • Improved logging of proxy usage

  • Improved handling of slow file uploads

  • Detailed logging in case of SSL connection issues

  • Improved auto-recovery of engines running under Emulated Windows

Version 4.3.0

New features:

  • Introduced official support for Microsoft Windows 7 or newer and Microsoft Windows Server 2008 R2 or newer

  • Added offline update picker feature to make it easy to apply offline updates without user interaction or scripting

  • Able to scan local files stored on server without transferring the content via REST API

  • Added hardware related info into generated support package

  • Created a framework in Linux version to be able to run Windows scan engines on Linux server

  • Option added to log to a remote syslog server

  • Inventory / Scan Agents page extended with more detailed agent information

  • Parameter workflow renamed to rule in some REST APIs

  • Improved system issue notification on Web Management Console

  • Added detection of 3rd party anti-malware products that break operation of Metadefender Core

  • Improved scan performance of various engine integrations

Issues fixed:

  • Improved documentation of multiple REST APIs

  • Fixed failed scans during some engine or database update

  • Removed unmeaningful database age display of non-anti-malware engines

Version 4.2.0

New features:

  • product name has changed to Metadefender Core

  • able to use scan results from metadefender.com

  • workflow options can be configured from Web Management Console

  • workflow options can be overridden from rule editor window

  • support for system wide HTTPS proxy

  • it is possible to configure maximum file size of scanned files

  • filtering security rule by user agent is now possible

  • eliminate limitations on the size of scanned files

  • improved scan related log messages

  • deployment can now be deactivated on the License page

  • automatic deployment reactivation of online installations if license becomes invalid

  • Metascan v3 URLs (/management and /metascan_rest) are now redirected to the proper v4 URLs

  • check disk space before/during scan requests

Issues fixed:

  • fixed encrypted communication error with activation server on Ubuntu 12.04

  • fixed temporary folder cleanup

  • fixed support data collector scripts

  • do not download database without the corresponding engine package

  • number of engines and maximum file size now reflect the current status

Version 4.1.0

New features:

  • https support for REST API and for Web Management Console

  • update history to track every database/engine change

  • new option to globally disable or enable specific scan engine

  • reworked result page for archive files

  • user guide is available within the product

  • no scan downtime while updating engine/database (if engine supports)

Issues fixed:

  • more descriptive communication error messages instead of error codes in logs

  • proper handling of update download issues

  • fixed handling of scan engine crashes

  • fixed manual update package upload

  • fixed unwanted warning message after successful activation

Version 4.0.1

New features:

  • new script to help log collection for support

  • inform the user if browser is not HTML5 compatible

  • show a spinner if loading a page takes too much time

  • support lower screen resolution for web interface

  • support for non-ascii character filenames in archives

Issues fixed:

  • fix stability issue in update downloader

  • optimize database queries

  • do not check for updates at product startup if auto update is off

  • fixed a page auto refresh issue with Internet Explorer

Version 4.0.0

New features:

  • Able to monitor Metascan v4 for Linux instances

  • Able to monitor Metascan v3 for Windows instances

  • Collect Files scanned and Infections found stats from managed instances

  • Deploy scan engine database updates to Metascan v3 for Windows instances

  • Deploy scan engine and scan engine database updates to Metascan v4 for Linux instances