12.4 MetaDefender Core archived release notes

Version v4.19.0

Release Date: 27 Aug 2020

New features:

  • New Database Management System (PostgreSQL) to replace SQLite

    • PosgreSQL is now MetaDefender Core's new database management system to replace its predecessor SQLite. That expects to step by step help the product easily scale out, network based database support, gain better performance, migrate high load bottleneck and native high availability. MetaDefender Core supports users to create a local PostgreSQL server running in the box, or allow leveraging a pre-installed remote PostgreSQL server.

      Data migration auto runs in background upon product uprade.

      For large database migration, MetaDefender Core comes with a web-based data migration to walk users through quick steps to move all your SQLite data to PostgreSQL at ease.

  • FIPS-140 security compliant

    • We are now FIPS-140 compliant with a new support for RSA186-4 on OpenSSL

  • Native proxy management with authentication support

    • MetaDefender Core now will allow users to control proxy settings for product (instead of using system configuration), and also support authentication for proxy which is not possible on older Core versions.

      That comes with a UI configuration support on MetaDefender Core management console.

  • Harden Nginx web server settings for security

    • Secure MetaDefender Core web server even more based on nginx vendor guideline to protect your MetaDefender server from being vulnerable (i.e. cross site scripting, MIME sniffing, TLSver 1.1 or below forbidden)

      Still we keep all supported functionalities working as expected.

  • Nginx web server statistics (on web server report)

    • Support to enable better statistics for the HTTP Server for web server healthcheck and debugging.

  • Origin client source address retrieval when running via load balancer

    • MetaDefender Core now will be able to retrieve your origin client source address even when the client communicates over a load balancer.

  • Enhanced search for processing history page

    • Searching by attributes represented via corrensponding column on the list.

  • Enhanced user experience on statistics page

    • Instant statistics processing data calculated and visualized on UI

  • Logic improvement to handle better against sanitization timed out

    • New logic implemented on MetaDefender Core to offload concurrent tasks on Deep CDR engine, and to reduce sanitization timed out as a result.

  • Enhanced log messages

    • Log events enhanced with more sufficient and clear information, easier for traceability while troubleshooting.

  • Pre-check mode for file submission

    • Refuse file upload immediately when MetaDefender Core does not have enough disk space to handle, expecting to hit error 400. This is to avoid wasting upload time on big files.

  • Sanitized file information appended into JSON scan result

    • Including sanitized file size and its SHA-256 hash value.

  • Blacklist overidden on nested files within archive

    • New configurable setting to allow overridening blacklist enablement on nested files within an archive.

  • New engine sweeper tool bundled into the product

    • New engine sweeper troubleshooting tool tailored for PostgreSQL, and now it is bundled into MetaDefender Core product (not a separate download tool).


  • Setting inputs validation

    • Threat detection threshold, wizard password and SSO profile settings affected.

  • Batch signature sometimes contained redundant characters

    • That could make signature becomes invalid.

  • Processing time of nested files in archive not calculated correctly

    • Processing time of nested files could be very big due to incorrect caculation (but actually they are processed much faster).

  • Statistics page to support multiple users simultaneously

    • The statistics UI now could handle multiple users query at the same time.

  • Proactive DLP timeout setting mistakenly reset upon engine restart

    • The setting was reset back to default value (3 minutes).

Version v4.18.0

Release Date: 26 May 2020

New features:

  • Single Sign On (SSO) Authentication

    • Additional to already-supported various authentication models (Local, Active Directory, LDAP), now MetaDefender Core also supports authentication using SSO with widen integration coverage for most of Identity Providers (IDP) via SAML 2.0 and OpenID Connect 1.0 standard support.

  • Brand New MetaDefender Core API Guide (Sample Codes Available)

    • Brand new design and standardized API documentation (following OpenAPI V3 specification), auto-generated sample codes on various programming languages supported helps your API integration even easier.

  • Database Defragmentation and Optimization

    • When your scan database grows big, it might cause performance degradation (e.g. timeout on client requests). Now MetaDefender Core administrators can be notified on the UI (also warning logs), and you are supported to perform database defragmentation and optimization including multiple stages to vacuum and defrag your database without loss of actual scan data.

      As a result, your database file size could be reduced which helps boost processing performance tremendously over usage time.

  • Comprehensive Statistics On Processing Data

    • Featured in an interactive UI help you gain deeper insights on your processing filtered by every workflow rule, breaking down into each file type. Last but not least, you are also supported to select time range to calculate statistics data.

  • Data Reporting (Business Intelligence)

    • When enabled, MetaDefender Core will auto-sync your historic processing data to OPSWAT dedicated servers. That helps us gain more visibility on your processing load and how our product is being used, and thus we could improve our product to accommodate your use-case better. You are supported to customize which piece of information should be shared with OPSWAT, and when to share.

      By default, this feature is disabled to respect your privacy rights and save performance impact.

  • Webhook Continuous Improvement

    • New setting mode to control callback timeout and retry (configurable via REST API)

    • Stability improvement to avoid being stuck on callback and crashing on Node service

  • High Load Processing Improvement

    • When running under high load, file type usually returns "Not Available" caused by various reasons. Product logic enhanced to elaborate causes, and improved stability on the product.

      We keep working on this matter to ensure our customers have the most stable product running under high load as much as possible.

  • Configurable Behavior On Archive Extraction Failure

    • Configurable settings on workflow rule to let you tweak and decide MetaDefender Core final scan verdict when a processing archive file failed to extract for some reasons.

      The default selection on each designated extraction failure reasons (invalid file structure, extracted partially,...) will be different on each workflow rule depending on use-case characteristics. Please make sure you are aware of the new settings and adjust them accordingly tailored to your security demand.

  • Archive Extraction Failure Exposure

    • Archive extraction failure reasons exposed to both REST API response and UI.

  • Encryption on Archive & Document Sanitized Files

    • Help retain password protection on supported archive and document files (.zip, .7z, .pdf, MS Offices) upon sanitized successfully.

  • Sanitization Forensic Details Enhancement

    • When sanitized successfully, an even more comprehensive forensic available on both UI and REST API level letting you know all processed object details (e.g. what exact hyperlink was sanitized).

  • Processing File Information Enhancement (File Type Category)

    • File type category is now available on REST API response along with other already-supported file information.

  • MetaDefender Core Log Rotation Experience Improvement

    • This feature is now enabled by default applicable to both upgrade and fresh install scenario.

  • Workflow Rule For MetaDefender For Secure Storage

    • With the best practice to serve MetaDefender For Secure Storage use-case, we have a new dedicated workflow rule with designated configurations.

  • Archive Processing Result Retrieval API Enhancement

    • Applicable to pagination fashion polling GET /stat/log/scan?first={start_item}&size={number_of_items_next} , now the action ran information available in JSON response

  • FIPS Object Module 2.0 Bundled

    • Operating product in FIPS mode enabled on Operating System


  • File Scanning Process Stuck

    • When the custom engines stopped its process for reasons (updating while scanning / crashed), the running scans on Core could not be finished and stayed at 95% forever.

  • MetaDefender Core Service Crashed (Webhook Mode)

    • When using webhook mode, and callback can't be sent back to client, the MetaDefender Core service could be crashed.

  • Memory Leak While Updating Engines Automatically

    • The memory could be leaked on ometascan-node process while updating engines in online mode.

  • Scan Details Missing From Recursive Scan Results

    • While fetching scan results on all nested files in big archive file GET /archive/{data_id} the "scan_details" field from the top-level root archive was empty.

  • Input Field Overflow On Management Console UI

    • Preventing invalid values putting in UI configuration controls (Deep CDR, Archive)

  • Archive Timeout File Skipped For Scanning

    • None of AV engines actually scanned archive file when archive timeout occurred

Version v4.17.3

Release Date: 06 Apr 2020

New features:

  • Configurable setting to run database optimization

    • Database optimization has been introduced since Core 4.17.0 to help run database queries faster. The downside is while running (for a few seconds), Core queries hold up causing possibly timeout on client side.

      This new setting allows users setting specific time to run database optimization task (to avoid peak hours), or just disable to prevent this task from running (to avoid performance degradation while running). Learn more how to configure: 3.2.1. Startup Core Configuration

  • Scan database rollback mechanism

    • In some circumstances (e.g. Core crashes, out of disk/memory etc.), the atomicity of product database could be compromised causing inconsistent processing scan history returned. Rollback mechanism helps retain that atomicity of database.

  • Logging improvement with configurable settings

    • Log rotation for Core, Node, Nginx web server logs (Configurable settings supported). Learn more how to configure: 3.2.1. Startup Core Configuration and 3.2.2. Startup Node Configuration

    • More comprehensive support package (to include engine and database info, Nginx web server info).

    • More informative log message on sanitization related tasks.

    • Sensitive info redacted (on debug level logging mode).

    • Performance impacted warning on both MetaDefender Core GUI and logs when the scan database (ometascan.db.sqlite) starts growing up big (>10 GB).

  • Webhook mode continuous refinement

    • Retry to send scan results to client upon network interim disconnected.

    • Resend file scan results to client after Core service restarted.

  • New download mechanism for Processing History on MetaDefender Core management console

    • Support IE / Edge web browsers to download processing history report.

  • MetaDefender Drive use-case better support when engine packages corrupted

    • Support to re-new engine packages to re-download engine packages again when corrupted (due to upon unexpected reboot).

  • Central Management v7 support to revert download source when unhooked

    • Respect skipped scan settings (Whitelist / Blacklist) to keep backward compatibility, and also save Core resource for processing files as well.

  • RoleIDs JSON field validated when creating / modifying user

    • Effective to POST /admin/user and POST /user endpoint REST APIs. Role ID value must be an array of strings according to current user guide.

  • Account name value validated on Core wizard setup

    • Effective to "Admin User Setup" screen during wizard setup, "Account name" validated against special characters (e.g. @ & \)

  • Better support for sanitized file download when under load

    • When under load and certain circumstance with system write failed, the sanitized download on the same file might return 404 HTTP response (not found) to client. Enhanced our Core caching mechanism to ensure next time sanitization on the same file will not rely on the previous failed time.

  • Minor UI changes

    • Hide "Edit Workflow" button in "Workflow Templates Management" screen

    • Remove space between date and time in "Definition date" field on "Modules" screen


  • Data tunnel between Node and engines could be lost under high load

    • When occurred, expecting to see " process communication timed out" message repeatedly in Node log, and none of engines could be able to scan files.

  • Node crashed when swapping engines during update

    • Node could be crashed under certain circumstances, applied to swapping engine instances during update.

  • File processing was stuck at 95%

    • Encountered when custom engine stopped its process, all of running tasks on that engine becomes stuck, or when ClamAV engine can't return consistent scan result during its engine update.

  • Overflow issue with unexpected inputs

    • Overflow value issue could occur within product causing unexpected behavior or result.

  • Unexpected result with non-ASCII password protected document scanning

    • When occurred, document file could not be sanitized properly.

  • Proactive DLP displayed wrong result within archive scanning

    • When occurred, Proactive DLP engine could return misleading result (Not scanned) while archive file processing result is "Sensitive Data Found".

  • Session expired on IE / Edge web browser

    • When session cleared out, authenticated users could be logged out repeatedly due to session expired error on MetaDefender Core management console.

Version v4.17.2

Release Date: 03 Mar 2020

New features:

  • Quarantine cleanup task no longer blocks Core service starting procedure

  • Empty file submission is no longer be blocked at REST API level

    • Retain same behavior on Core 4.16.3 or older, to support back some corner use-cases from MD Kiosk and ICAP

  • Custom engine initialization enhancement

    • Increased timeout to 10 minutes to support engine deployment on under-specs hardware (formerly 1 minute)

  • Processing history report enhancement

    • Added "username" column to the processing history export from MD Core

  • Validation mechanism on file scan and batch init REST API changed

    • When using via REST API, no longer validate session cookie, only API key header is validated when exists (same behavior on Core 4.16.3 or older)

  • Configurable Proactive DLP timeout is supported

    • Support to adjust timeout for Proactive DLP handling (formerly fixed on 3 minutes)

  • Respecting whitelist and blacklist configurations

    • Respect skipped scan settings (Whitelist / Blacklist) to keep backward compatibility, and also save Core resource for processing files as well.

  • Response for POST /login no longer returns cookie back to client

    • When using via REST API, by default the response for POST /login no longer returns cookie back to client (same behavior on Core 4.16.3 or older, to avoid breaking F5 LTM scenario with cookie header is auto added)

  • Removing failed dummy scan results on Core processing history UI due to upload failure

    • When file upload is failed for some reasons (e.g. network corrupted) between clients and MD Core, dummy record results are still available and displayed on Core processing history UI, but actually MD Core never processed those files, and client never got results from MD Core on those files. Those dummy records will be removed since this version to avoid misleading.


  • Deadlock could possibly happen when engine update task is timed out

    • When encountered, all files happens in "Failed" result with "Not available" result for file type analysis after timeout hit (~ 70 seconds), and only Node service relaunched can bring the scanning be operational back.

  • Node service could be crashed when archive engine crashed

    • When archive engine crashed for some reasons, Node service could be crashed as well (but not happened all the time)

  • Core and Node service could be crashed when under high load

    • Core and Node service could be crashed when under high load

  • Archive file extraction when timed out, or failed to extract, the original archive itself could not be scanned by AV engines

    • When archive extraction hits timeout or failed to extract, the original archive itself could not be scanned by AV engines

  • Core could return 404 not found HTTP(S) response to client for sanitized file download API request

    • When processing the same file many times on Core, it could return 404 not found HTTP(S) response to client (e.g. MD Email) due to file sync issue between Core and Node

  • Memory leak issue on Core process

    • The process ometascan could be leaked on memory with auto update mode enabled and Proactive DLP engine is enabled

  • Anonymous user can't submit file scan to MD Core web scan UI

    • When not logged in, anonymous user can't submit file scan to MD Core web scan UI (error: Invalid session ID given)

  • Core service can't restart due to configurations corrupted while running Proactive DLP engine

    • Core service can't restart due to configurations corrupted while running Proactive DLP engine

  • Document files inside sanitized password protected archive file could not be sanitized

    • When document file is also treated as an archive file, there was a bug on archive compression level calculation to prevent document files not being sanitized inside original archive file

  • Timeout on hash calculation task resulted as Blocked regardless of "override scan results classified as allowed" setting

    • When this task timed out, regardless what users set on "override scan results classified as allowed" setting, the final verdict were "Blocked"

  • Webhook continuous fixes and updates

    • Duplicated callbacks returned to client

    • Support retry mode for sending callback to client (when client is temporarily unresponsive etc.)

    • Enhance validation callbackurl header against IP version 6 and domain format

  • Minor UI fixes

    • Added margin to bottom edge of scan result UI

    • Name of rights under user management did not match to Inventory

Version v4.17.1

Release Date: 06 Jan 2020

New features:

  • Archive extraction details

    • Available on both scan result UI and

  • Advanced engine configurations enhancement

    • UI interactive and schema based for advanced engine settings

  • Proactive DLP engine integration enhancement

  • MetaDefender Cloud integration enhancement

    • MetaDefender Cloud API version 4 upgraded

  • Engine integration enhancement to avoid product crash

  • User validation update for file and batch processing

    • File scan and batch init endpoint API is now validated on API key input when that key information is available.

  • More ready for adding password back to sanitized archive and document files

  • Minor UI update


  • Core could become unavailable to clients when under high load

    • Data communication channel between Core and Node service could be broken when under high load

  • Processing giant files (> 50 GB) could be stuck at hash calculation

    • Hash calculation with pre-set timeout value (10 minutes) could be exceeded when processing giant files (> 50 GB) and then stuck at 5% forever

  • Scan could be failed with "not available" result for File type analysis when under certain circumstances

  • Memory leak issue on Core process

  • Temporary files not cleaned up when archive extraction timed out

  • Webhook continuous fixes and updates

    • Redundant warning log messages populated even when not using webhook mode

    • Core could be crashed itself when trying to close a not-found bath with callback

    • Callback sent to client with wrong status when Core is restarted

  • Visibility level smaller than full details might break batch result display

  • Minor UI fixes

    • The field "File Password" on the file processing UI not cleared up after empty file selected

Version v4.17.0.1

Release Date: 27 Nov 2019


  • Deadlock issue on batch handling

    • Under certain circumstances, a deadlock issue could encounter locking database from being queried (timeout on REST requests)

Version v4.17.0

Release Date: 14 Nov 2019

New features:

  • Callback URL (Webhooks) for file and batch scanning (to avoid polling result from client)

    • Support for individual file and batch scanning to eliminate polling mechanism i.e. MetaDefender Core will notify client based on designated / configurable callback URL whenever an individual scan finished or a batch can be closed.

  • Security enhancements

    • Harden MetaDefender Core management console against security vulnerabilities found on pen-test's result

  • Log correlation from parent archive file to child files

  • Comprehensive failure reason on archive extraction (available on JSON response)

  • Sanitization output name on password protected document fully respects value set on UI

    • No longer appended with fixed value "decrypted_document" in output name

  • UTF8-encoding password for file scan request via REST

    • File scan REST API now supports "archivepwd" header with encoding password

  • Total number of files inside archive (all recursive levels), available on scan result UI

  • Archive scanning enhancements

    • Better integration logic with archive engine

    • Support empty folder inside archive engine

    • Not try to extract archive file if extracted size exceeded is anticipated

  • Database query optimization

  • Processing input refinement

    • Empty file scan request no longer is accepted at API level

  • MetaDefender Core's nginx log location no longer requires double backslashes

  • UI enhancements

    • Password field supported for password-protected archives or documents on the UI (web scan)


  • Relaunching Proactive DLP engine process after timeout could crash Node service

  • Nginx custom configuration file and certificates is unexpectedly erased when upgrading MetaDefender Core

  • Overall failure on scan could encounter when system goes wrong while analyzing file type

    • When something wrong occurred while analyzing file type, the scan process could be immediately stopped and ended up as overall failed.

  • Override scan result setting did not apply properly to empty batch

  • Changes on workflow template could interfere Core service

    • Excluding engines in workflow template could make Core service failed to start

  • Return incorrect REST response code when closing batch with invalid API key

  • Fail to create local user directory under certain settings

    • Creating "Local" user directory type could be failed when "Enhance password policy" setting is unchecked

  • Nginx access log location customized on registry is not retained when upgrading MetaDefender Core

    • When upgrading MetaDefender Core, nginx log location (nginx_logfile) could be unexpectedly reverted back to default value, not retained to what users configured.

  • Minor UI fixes

    • Some display and hyperlink minor issues related to table and navigation

    • Hitting cancel batch button on UI causing error

Version v4.16.3

Release Date: 16 Oct 2019

New features:

  • Support new header (metadata) for file submission API

  • Enhance MetaDefender Core service starting procedure

  • Enhance engine update procedure

  • Remove restriction on Core version retrieval REST API


  • MetaDefender Core service on Linux could not be started when running on FIPS mode

  • MetaDefender Core service could be unexpectedly restarted when engines repeatedly crashed

  • Uninstalling MetaDefender Core did not terminate its processes properly (nginx)

  • Password protected document could not be decrypted properly for data sanitization

  • Uninstalling MetaDefender Core did not clean up its leftover data folder

Version v4.16.2

Release Date: 10 Sep 2019

New features:

  • Restrict APIs based on user roles (configurable)

  • Support displaying and filtering username on processing history UI

  • Enhance logging with Yara matched rules appended

  • Upgraded nginx web server component to latest version 1.16.0

  • Add new scan result - Unsupported file type

  • Refined JSON output when users want to quarantine items which are already in quarantined folder

  • Updated UI (minors)


  • In-progress files could be deleted mistakenly, causing failures when scanning

  • Engines repeatedly disable and re-enable

  • File processing could be stuck until archive timeout value reached

  • Non UTF-8 characters were not displayed correctly when exporting process history via UI

  • Dependency installation issue on Ubuntu 18 & Debian 9

Version v4.16.1

Release Date: 12 Aug 2019

New features:

  • Supported to pin & unpin engines and their database on the UI to prevent auto update being applied

  • Gently handled timeout on Archive and Deep CDR engines

  • New logging mode for archive processing troubleshooting

  • Enhanced logic for non-archive file processing

  • Limited number of characters on some applicable text fields on the UI

  • Enhanced security with unquote service exploit


  • Node crash issue when under high load

  • Issue with resource manager with in-use temp files

  • Memory leaking issue on archive engine process

  • Memory leaking issue on Node process

  • Batch handling issue causing failure on batch

  • Stuck scan issue at 5% when parallelcount_7z_extract is set with definitive number

  • Detection issue on Proactive DLP engine with regrex rule applied

  • UI issue where Yara result is not displayed

  • UI visibility issue on Internet Explorer (IE) web browser

  • Some other minor UI issues

  • Wrong timezone set on exported CSV scan report

Version v4.16.0

Release Date: 08 July 2019

New features:

  • Proactive DLP engine (ver 2.0) integration

  • Password policy enforcement

  • Support archive partial sanitization for Vault and Email integration

  • New REST API for local update server source

  • Better handle archive sanitization timeout

  • Support configurable settings for archive extraction and compression parallel count

  • Enhance syslog message format

  • Retouch UI

  • Better logging with timeout on engines

  • Enhance logic to apply engine definition files


  • Wrong outcome when archive engine process unexpectedly stopped

  • Wrong UI result on sanitization timeout

  • Memory leak issue on engine package uploading

Version v4.15.2

Release Date: 19 June 2019


  • Stability issue

    • Potential deadlock issue on batch scan handling prevents querying batch information

  • Usability issue

    • Enhanced error log messages when the engine process is terminated due to engine timeout

    • Exposed log messages on warning level when there is an archive extraction failure

Version v4.15.1

Release Date: 06 June 2019

New features:

  • Partial sanitization use-case for archive file types

  • Clarified error messages for terminated engine processes

  • New REST API for cleaning up idle batch scans

  • UI improvement

  • License EULA update


  • Stability issue

    • Potential memory handling issue that could cause the node service to crash

    • Empty and read-only files are no longer extracted

  • Usability issue

    • Not able to remove abandoned temp. files of archive files when they are empty and read-only

  • Security issue

    • AD user credential is not masked properly on the audit log while sending over to AD server for authentication

  • Scanning batch REST API issues

  • Engine custom configuration

  • UI issues

    • Dashboard refresh button sometimes did not work as expected

    • List of processing records didn't show when changing "number records per page" while not staying at first page

    • Not user-friendly error messages when adding duplicate hashes to a backlist

    • Typos on the UI

Version v4.15.0

Release Date: 06 May 2019

New features:

  • Data Sanitization details displayed on Core management console

  • User password recovery and reset enforcement

  • API rate limiting

  • Support Windows Server 2019 (The support is still on beta)

  • Suspicious results returned by engines are now configurable to be handled as a different circumstance (infected, ignore)

  • Improve usability

    • Return zero for definition dates on non-AV engines' database

    • "Select all" option added to the Data Sanitization page

  • Improve handling on node

    • Improve cleanup mechanism on nodes to avoid deleting files in use

    • Improve validation process when starting the node service, support to try creating temp. folder with a configurable timeout


  • Fixed stabilization issues that possibly caused Node services to crash

  • Scan batch API closing issues

    • No longer returns total time of -1 in response

    • Should not randomly fail due to " 400 - One or more scan is still in progress" even when all linked scans already finished

  • Upgrading Core when installed in a non-default installation path prevented users from choosing another folder path by mistake

  • UI issues

    • The "Process File" button no longer disappears in case of sanitization failed

    • Max recursive level under archive handling tab must equal 1 or greater

    • non-Unicode file name displayed on web scan UI encoded properly

  • Sanitizing empty archive file no longer returns failed

Version v4.14.3

Release Date: 01 Apr 2019

New features:

  • Support built-in integration with OPSWAT Central

  • New setting for archive sanitization timeout

  • Add process time field into CSV exported history report

  • Effectively wipe out necessary data from support package

  • Revamp Inventory UI page with "Utilities" group

  • More relevant REST error message for scan request where file is non-existed / inaccessible

  • Syslog message for scan-finish event more comprehensive

  • Consolidated scan info for archive scan result fetching

  • Add libcurl4 as alternative dependency to libcurl3 for better support on Ubuntu 18.04

  • Outputs and indicators for Threat Intelligence feature on Quarantine UI page more relevant and informative


  • Node becomes unstable under high load processing

  • Closing batch with ongoing scans could result in failed verdict on batch

  • Inconsistent behavior with password protected document

  • Temporary files are not cleaned up when cancelling an ongoing scan

  • Inconsistent returned error message between batch and file scanning via REST

  • DLP verdict returns incorrect value for some cases

  • Logs in support package did not handle non-Unicode characters

Version v4.14.2

Release Date: 28 Feb 2019

New features:

  • New result page, n ew look and more informative badge


  • Engine configurations could not be saved

  • Make error message more relative for case where file exceeded the size limit

  • Pinning engines and their databases independently

Version v4.14.1

Release Date: 31 Jan 2019


  • Missing "pinned" option from "/stat/packages" JSON response

  • Inconsistent "progress_percentage" and "result" values

  • Hash validation (blacklist/whitelist)

  • Upload performance

Version v4.14.0

Release date: 19 Dec 2018

New features:

Version v4.13.2

Release date: 21 Nov 2018

New features:

  • Tiles on Dashboard are linked to the corresponding pages

  • More options to filter Processing History (Post Actions and CDR)

Fixed issues:

  • In case of an engine hangs, the communication channel is blocked between the Node and the Core, so more engines can time out

  • Clean-up mechanism removes files still in use

  • Various engine handling issues

Version v4.13.1

Release date: 31 Oct 2018

Fixed issues:

  • Yara and DLP tasks are not stopped on cancelling a processing

  • Batch processings cannot be cancelled via web management console

  • "Can't process shared resource file" error message did not contain the file name

Version v4.13.0

Release date: 16 Oct 2018


  • Yara engine integration

New features:

  • Processing history entries can be colorized

  • Files can be marked as suspicious if less than a given number of engine mark it as infected

  • Processings can be cancelled via web management console

  • Default rules are added for MetaDefender Email Security

  • Bulk operations in quarantine

Fixed issues:

  • Extracted files are left behind

  • On Debian based systems, on upgrades, engines are deleted and disabled engines are re-enabled

Version v4.12.2

Release date: 3 Oct 2018

Fixed issues:

  • In case of archive processing, sometimes clean-up mechanism removes some extracted files before processing is finished

Version v4.12.1

Release date: 26 Sept 2018

New features:

  • Files can be whitelisted/blacklisted by their checksums

  • More specific log entries for CDR

Fixed issues:

  • Details of scan result for nested archives (for the file itself not for the content) is not propagated to the top level

  • The value, set in "MAX TOTAL SIZE OF EXTRACTED FILES" is handled incorrectly

  • Older configs cannot be imported into v4.12.0

Version v4.12.0

Release date: 15 Sept 2018


  • Data Loss Prevention functionality

New features:

  • Possibility to set the number of engines that required to start file processings (per workflow)

  • Possibility to exclude engines from processings (per workflow)

  • Improved user interface performance

  • Possibility to blacklist/whitelist files by file types besides file type groups

  • Re-designed workflow tab list appearance

  • Possibility to set timeout for sessions regardless of user activity

Fixed issues:

  • On Node details page, every issue appears multiple times

  • Despite not detecting any vulnerabilities, the vulnerability tab appears

  • On hash lookup page, empty hash can be searched

  • Sanitized output file name validation can cause user interface stalled

Version v4.11.3

Release date: 30 Aug 2018

Fixed issues:

  • Whitelist page under Inventory menu does not exist (only UI issue)

Version v4.11.2

Release date: 29 Aug 2018

New features:

  • The access_log Nginx directive now can be overridden

  • The parallel count parameter now can be set per engine

  • Minor changes on user interface for better user experience

Fixed issues:

  • A critical CSV injection vulnerability in the CSV export functionality (issue reported by Wojciech ReguĊ‚a, SecuRing)

  • Archives can be sanitized even in case of partial processing (e.g. exceeded archive size, exceeded archive file number)

  • In some cases, blocked results can be overwritten by an allowed result with higher priority

  • Inconsistent operation of MetaDefender Cloud integration

  • Typos on the user interface

  • Abandoned files left behind after processings

Version v4.11.1

Release date: 8 Aug 2018

Fixed issues:

  • Unexpected Core and Node service restart in some corner cases

  • Using remote syslog server slows down the product in case of missing PTR record in DNS

  • Empty files are skipped in archives

  • Incomplete archive extraction issue happened on heavily overloaded systems

Version v4.11.0

Release date: 11 July 2018

New Features:

  • Exceptions (by mime-type) from whitelist/blacklist

  • New engine page called Technologies

  • Support for user-friendly engine configuration (depends on the engine version)

  • Welcome wizard

Fixed issues:

  • Slow clean-up mechanism

  • Abandoned files after uninstall in Windows

  • Temporary files are left behind after processings

  • Wrong sanitized output file name in some cases

  • Default workflows can be overridden on config import

  • Core crashes

Version v4.10.2

Release Date: 27 June 2018

Fixed issues:

  • Uninstall not properly cleans the system

  • The "whitelisted" and "blacklisted" results are overriden by "infected" result

  • Node crashes

  • Inconsistent results in case of archive processing: In case of processing an archive more times, the result may be different by cases (infected/exceeded archive file number/exceeded archive size)

Version v4.10.1

Release Date: 23 May, 2018

New features:

  • Data Sanitization engine time-out and retry count is now configurable

  • REST API: process info contains the name of the last scanned file when scanning archive file types

  • REST API: Configurations that may change the final scan result since the time of processing will be included in the process info response (i.e., outdated definitions)

  • Hash based result lookups can be filtered by rule name

Fixed issues:

  • Sanitized DB integrity issue

  • On the dashboard, category names of doughnut charts were truncated

  • In case of archive processing, the "Not scanned" result to a file is not propagated to a higher level (overall verdict)

Version v4.10.0

Release Date: 2 May, 2018


  • Added support for the LDAP directory type

  • Syslog messages can now be sent to multiple log aggregators

  • MetaDefender installers no longer use eicar test files

New features:

  • AD and LDAP directories can now be configured with multiple servers

  • Sanitization failures are marked with a badge in the scan session summary

  • Admin’s will be notified if a third party solution is blocking MetaDefender from working as expected

  • Users can now be granted API keys manually

  • Paginated archive results

  • HTTPS can now be enabled from web management console

Fixed issues:

  • Improved license status info

  • In some cases, sanitized files had faulty names

  • Suspicious scan results were not always at the top of the list in archive file types

  • Inappropriate handling of user rights in the Whitelist page

  • AD group members did not have user profiles

  • Misleading license information

Version 4.9.1

Release Date: 28 February, 2018

New features:

  • New-looking user interface

  • Workflows based on the default one (not edited by workflow editor) will be kept and upgraded on version upgrade in the future

  • It is allowed blacklisted/whitelisted files to be processed

Fixed issues:

  • Security zone: IP address validation

  • Cancelled batches are displayed as in-progress

  • Removing certificates from the inventory caused policies to disappear

  • Memory leak in Node

  • Access via Active Directory is not logged

  • Sluggish pages under Policy menu

Version 4.9.0

Release Date: 13 December, 2017

New features:

  • IPv6 support

  • Global whitelist by hash

  • Whitelist by file type group

  • Display more security related information on dashboard

  • Changed default port for external nodes to 8007

  • New default security rule for Metadefender Secure File Transfer (SFT)

  • Performance tuning of processing history

  • Improved resource handling on Node

  • On Linux, multiple nginx worker processes for better scaling

Fixed issues:

  • Upgrades overwrite existing configuration (IP, port, etc.)

  • Resource folder clean up after data sanitization

  • Update timing settings affect manual updates

  • Poorly handled invalid update files

  • Poorly handled UTF-8 characters in output file name for sanitized files

  • /hash API can give "in progress" result

Version 4.8.2

Fixed issues:

  • Fixed a memory leak caused by failed update download

  • Fixed a possible crash issue at Scan history manual cleanup in case of high load

  • Fixed a memory leak in case of recurrring failed database deployment on Node

Version 4.8.1

Release Date: 5 October, 2017

New features:

  • Improved engine/database update distribution to nodes

  • Improved archive extraction limit handling

  • Improved engine monitoring

  • More precise time duration measurement for requests

  • API for canceling scans (file/batch scans)

  • Option to disable archive extraction of office documents

  • For batch scans, certificate validity interval can be set

  • Improved scan result badge

Fixed issues:

  • Fixed issue of scans stuck in "in progress" state

  • Fixed possible product crash during archive scanning

  • Fixed update bug where incorrect packages left behind

  • Fixed failed quarantine handling

  • Fixed handling unavailable engine during scans

  • Scan result JSON now contains file name in UTF-8 format

  • Limited number of parallel Post Action and External Scanner scripts

  • Archive handling parameters now have upper bound

  • Improved archive handling

  • Archive related failure handling

Version 4.8.0

New features:

  • Quarantine for blocked files

  • Scanning files in batch (REST API)

  • Certificate and key handling for scan batch signing

  • Configurable sanitized file name

  • Post action commands gets the result JSON with final verdict included

  • Increased scan history export interval

  • Improved archive bomb handling

  • Added eng_id to scan_results.scan_details (REST API)

  • Showing in-progress files in "extracted files" list of archives

  • Added "scan_all_result_a" into "extracted_files" (REST API)

Fixed issues:

  • Fixed case insensitive username comparison in Active Directory integration

  • Process workflow revamped (post actions run every time)

  • Fixed non-updated policy user interface after added new user roles

  • Fixed handling of database upgrade errors in linux package installers

  • Fixed error handling when scan target was sent in the body and via filepath (/file REST API)

  • Fixed disconnected ghost node issue displayed on user interface

Version 4.7.2

Issues fixed:

  • Fixed bug that could cause policies to not contain any elements and forbid user to create new items

  • Fixed bug where Core could download older version of engines where newer one was already downloaded

Version 4.7.1

Issues fixed:

  • Fixed upgrade of scan configuration

  • Fixed ghost nodes appeared on Inventory→ Nodes page

Version 4.7.0

New features:

  • Active Directory integration

  • Custom post actions

  • Redesigned user interface

  • External (customer developed) scanner integrations

  • Policies export/import

  • Archive sanitization

  • Individual log message level override

  • Aggregated archive scan result in Scan History

  • Self-lockout protection, admins can not delete themselves

  • gzip and base64 encoding now supported on /file REST API

  • Able to navigate through archive hierarchy

  • Timezone changed to local in log messages

  • Metadefender Cloud integration hostname changed to api.metadefender.com

Issues fixed:

  • Fixed scanning of .lnk files on Windows

  • Fixed blacklisting of Unicode filenames

  • Automatically downloads packages again if the previous download failed

  • Fixed order of extracted files on scan details view

  • Fixed rare temporary file leak during archive scan

Version 4.6.3

Issues fixed:

  • Improved scan result fetching performance for big archives

Version 4.6.2

Issues fixed:

  • Improved archive extraction performance

  • Fixed a race condition in /file/<data id> REST API that could provide access error in some cases

  • Fixed advanced engine config reload for Data sanitization engine

  • Fixed login issue which happened when many login request was initiated concurrently

  • Fixed calculation of extracted file count

Version 4.6.1

New features:

  • List of path for local filescan can be blacklist / whitelist with specific error message on REST

Issues fixed:

  • Invalid external Node listenting IP/port config stops product startup

  • Connection to remote syslog is reactivated on network error

  • If user has no right to use a rule, following rules in order will still be checked

  • sending HEAD request where GET should have been sent will not lead to product crash

  • Ensure resource file deletion on Microsoft Windows when a scan engine locks file further than expected

  • Scan history CSV export uses comma as separator

  • Fixed potential Node service crash when stopping during scanning

  • More specific error message when uploaded file size limit exceeded

  • Fixed a rare race condition in update downloader component

  • Fixed login issue when Core v3 like URL is used by the admin (/management)

Version 4.6.0

New features:

  • Multiple user roles introduced with different access rights

  • Scan Agent has been renamed to Scan Node

  • Role (user group) based rule availability configuration

  • Role based scan result visibility with different level of details exposed

  • Ability to export part of scan history into STIX/Cybox format

  • Ability to export part of scan history into CSV format

  • Filter on rule and source added into Scan history

  • Configurable lockout feature against brute force login attack

  • Official support introduced for Ubuntu 16.04

  • Detection threshold (suppress threat detection if less then X engines detected a threat)

  • Custom engine configuration via user interface

  • Free text search functionality in user guide

  • Suspend engine testing/deployment to Node when 3rd party security software blocks access to malware files

  • Successful login / unsuccessful login / lockout events are logged

  • Option to send engine issue count info during update

  • [REST API] /file/{data_id} response for scan results now contain process info block for extracted files

  • Initiating local scan is faster as no wait for hashing is required

Issues fixed:

  • [REST API] /file/{data_id} blocked reason change to mirror V3 API

  • Fixed handling of archive extraction depth

  • More flexible and stable internal database upgrade when upgrading product

  • Custom engine update timeout increased to one hour to deal with slow engine updates

  • Archive engine fixes (non-ASCII filenames in archive)

  • Engine handling fixes, improved handling of engine deinitialization

  • More precise engine cleanup when removing engines

  • Fixed bug where random connections were rejected every 2 min

  • Fixed bug regarding updates handling (conflicting names)

  • Filesize is now correctly displayed on scan result user interface

  • Support package generator now includes auditlog db

Version 4.5.1

Issues fixed:

  • Fixed possible crash of Agent when there is database which is handled by engine

  • Fixed possible crash of Core that could occur when updating a package

Version 4.5.0

New features:

  • Data Sanitization of files to protect against unknown threats

  • Filetype mismatch detection

  • Improved user interface responsiveness for small screens

  • Real filetype based blacklist option in rules/workflows

  • Improved licensing for offline deployments

  • Added product specific proxy settings in the Linux version

  • Advanced configuration for allowed/blocked file scan result types

Issues fixed:

  • Fixed local scan option user interface for new rules

  • Fixed Scan History auto cleanup collision with manual cleanup

  • Potential issue fixed for update file upload

  • /apiversion interface is added to easily determine REST API compatibility level

Version 4.4.1

New features:

  • Added several features/improvement for better Metadefender Kiosk integration

  • Full audit log about any configuration changes via Web user interface or REST API

  • Able to disable applying update in user configurable time periods

  • Core can act as an update source for OESIS product line

  • Detect if the analyzed binary is a part of any vulnerability detection

  • Improved scan engine status monitoring and auto recovery

  • Custom directory can be set for storing temporary files

  • Able to set up apikey for every user for easier REST API integration

  • Improved hardware detection in license component

Issues fixed:

  • Fixed message content format in Windows Event log

  • Fixed system wide proxy usage on Windows

  • Improved browser cache handling in case of product upgrades

  • Fixed a path specification issue in local file scanning feature on Windows

  • Fixed engine counting on Agent details page (do not count utility type engines)

  • Fixed lost agent connection handling

  • Fixed handling of unsupported Transfer-Encoding on REST API

  • Patched internal nginx web server to fix CVE-2016-4450

  • Fixed archive timeout handling and user interface

  • Fixed scan results in case of archive related findings

  • Improved logging of proxy usage

  • Improved handling of slow file uploads

  • Detailed logging in case of SSL connection issues

  • Improved auto-recovery of engines running under Emulated Windows

Version 4.3.0

New features:

  • Introduced official support for Microsoft Windows 7 or newer and Microsoft Windows Server 2008 R2 or newer

  • Added offline update picker feature to make it easy to apply offline updates without user interaction or scripting

  • Able to scan local files stored on server without transferring the content via REST API

  • Added hardware related info into generated support package

  • Created a framework in Linux version to be able to run Windows scan engines on Linux server

  • Option added to log to a remote syslog server

  • Inventory / Scan Agents page extended with more detailed agent information

  • Parameter workflow renamed to rule in some REST APIs

  • Improved system issue notification on Web Management Console

  • Added detection of 3rd party anti-malware products that break operation of Metadefender Core

  • Improved scan performance of various engine integrations

Issues fixed:

  • Improved documentation of multiple REST APIs

  • Fixed failed scans during some engine or database update

  • Removed unmeaningful database age display of non-anti-malware engines

Version 4.2.0

New features:

  • product name has changed to Metadefender Core

  • able to use scan results from metadefender.com

  • workflow options can be configured from Web Management Console

  • workflow options can be overridden from rule editor window

  • support for system wide HTTPS proxy

  • it is possible to configure maximum file size of scanned files

  • filtering security rule by user agent is now possible

  • eliminate limitations on the size of scanned files

  • improved scan related log messages

  • deployment can now be deactivated on the License page

  • automatic deployment reactivation of online installations if license becomes invalid

  • Metascan v3 URLs (/management and /metascan_rest) are now redirected to the proper v4 URLs

  • check disk space before/during scan requests

Issues fixed:

  • fixed encrypted communication error with activation server on Ubuntu 12.04

  • fixed temporary folder cleanup

  • fixed support data collector scripts

  • do not download database without the corresponding engine package

  • number of engines and maximum file size is now reflect the current status

Version 4.1.0

New features:

  • https support for REST API and for Web Management Console

  • update history to track every database/engine change

  • new option to globally disable or enable specific scan engine

  • reworked result page for archive files

  • user guide is available within the product

  • no scan downtime while updating engine/database (if engine supports)

Issues fixed:

  • more descriptive communication error messages instead of error codes in logs

  • proper handling of update download issues

  • fixed handling of scan engine crashes

  • fixed manual update package upload

  • fixed unwanted warning message after successful activation

Version 4.0.1

New features:

  • new script to help log collection for support

  • inform the user if browser is not HTML5 compatible

  • show a spinner if loading a page takes too much time

  • support lower screen resolution for web interface

  • support for non-ascii character filenames in archives

Issues fixed:

  • fix stability issue in update downloader

  • optimize database queries

  • do not check for updates at product startup if auto update is off

  • fixed a page auto refresh issue with Internet Explorer

Version 4.0.0

New features:

  • Able to to monitor Metascan v4 for Linux instances

  • Able to to monitor Metascan v3 for Windows instances

  • Collect Files scanned and Infections found stats from managed instances

  • Deploy scan engine database updates to Metascan v3 for Windows instances

  • Deploy scan engine and scan engine database updates to Metascan v4 for Linux instances