MetaDefender Core v4.19.1

Released on 21 Oct 2020

This is a release focused on both new features and bug fixes.

Processing file with input as a download link

Supporting users to process file by just specifying a direct download link, which means no required for the payload in HTTP(S) request body.

Details: 8.1.12. Scan via download link

Tombstone file supported for archive sanitization

Whenever any child file in original archive file are not sanitized successfully, the product supports to append tombstone file into sanitized archive file to indicate which original child file(s) are removed from sanitized archive output file with details.

Details: 5.1. Archive Sanitization

No hash calculation configurable setting

Support an option to skip hash calculation on every processing file (using dummy hash values instead) regardless it is individual file or a part of archive.

Expecting to be used against giant file processing to significant reduce overall processing time.

Details: 3.6.4.1. (New) Skip hash calculation setting

Nginx web server component ugprade

Nginx web server has been upgraded to its latest stable version 1.18.0.

https://www.nginx.com/blog/nginx-1-18-1-19-released/

Comprehensive individual scan report in PDF

Support users to download a detailed scan report in PDF format on any processed individual file.

Details: 7.8. Download single scan report as PDF

PostgreSQL performance improvement on scan result query

Improved scan result query against PostgreSQL server in certain circumstance (query by hash value).

Enhanced mechanism in selecting relevant database connections for serving data related requests.

PostgreSQL connections configurable setting is supported (for scaling up)

A new setting called " db_connection" to define a maximum number of concurrent connections allows MetaDefender Core to open and work with PostgreSQL database server.

Details: 3.2.1. Startup Core Configuration

UNC path supported for local file scan

Local file scan feature now accepts UNC path specified on desired workflow rule's setting

Details: 3.6.4.2. (New) Local scan enablement

New processing time in JSON scan report for each stage in workflow processing

The JSON response for scan result will include processing time on each major workflow processing step.

Details: 8.1.3.2. Fetch processing result

New workflow rule configuration supported for file-based vulnerability assessment

File-based vulnerability assessment will be supported to be managed under each workflow rule, comes with new configurable settings.

Details: 3.6.4.3. (New) File-based vulnerability assessment workflow rule

New workflow rule configuration supported for file type analysis

File type analysis will be supported to be managed under each workflow rule, comes with new configurable settings.

Details: 3.6.4.4. (New) File type analysis workflow rule

New configuration to skip further processing (and block) in certain malware scan results

Support an option to skip any further processing (e.g. sanitization) EXCEPT post action run (if configured) on every processing file if the AV scan engines' final result matched to any supported and checked scan result in the list.

Details: 3.6.4.5. (New) Skip further processing in certain malware scan results

New configuration to skip further processing (and block) if file type detection failed

Enabling it to let MetaDefender Core skip further processing if actual file type could not be detected by file type engine for following reasons:

• File type engine process crashed

• Waiting tasks in queue aborted when file type engine process terminated

• File type analysis task timed out

• User cancelled entire processing while analyzing file type

When triggered, the final scan verdict will be “Not scanned”.

Details: 3.6.4.4. (New) File type analysis workflow rule

Enhance existing configuration to skip further processing (and block) if archive engine is not available

Support an option to skip any further processing (e.g. sanitization) and fail any processing archive file if archive engine was not available for any reasons (disabled, crashed, timed out…) before trying to extract that archive file. The final processing verdict will be “Failed”.

Details: 3.6.4.6. (New) Skip further processing if archive engine is not available

Proper blocked reason in JSON scan result when sanitization failed or timed out

With Deep CDR's workflow setting "Block files if sanitization fails or times out" is enabled, when the sanitization result meets those conditions, then now the "blocked_reason" key value would represent actual sanitization failure result (instead of other scan results such as No Threat Detected which could cause misleading to client integration).

Override whitelist certain file types in archive file scanning

When triggered, the whitelist setting will be ignored if pre-configured file types belong to archive file processing.

Details: 3.6.6. (New) Override whitelist or blacklist certain file types for archive file processing

Proactive DLP default threshold value changed to high

The previous threshold value was low under Proactive DLP workflow rule settings. For those customers already tweaked this setting value, this change will not revert their pre-configured setting.

This change is to address false positive concern on DLP processing against files inside document by default.

Email server configuration now accepts no authentication option

That helps integrate with external email server without authentication required.

Details: 3.12.1 Email Configuration

MetaDefender Core could be activated via offline mode without any network card enabled

In an isolated environment, we understand that your machine's network card could be disabled completely for security reasons. Hence now MetaDefender Core could be activated under that circumstance with offline yml file upload as usual.

Log enhancement on webhook callback failure on HTTPS mode

When the callback failed to send to client side over HTTPS, the status code will be 444, and now the product log is enhanced to reveal more why the secure connection was not made successfully.

Details: 8.1.11.3. Query webhooks status

Improved search performance on MetaDefender Core processing history page

Earlier users could observe the slowness in search by username while MetaDefender Core was running data retention.

Advanced engine settings mistakenly reset back to default values

Upgrading MetaDefender Core could cause engines' advanced settings lost and reverted back to default values.

Ignition file with configuration file location import issue

Using ignition file for configuration file location import was not working.

Sanitized archive compression failed with same password retainment

Archive sanitization could be failed with same password retain feature enabled under Deep CDR workflow settings.

Potential memory leak issue

Leaking on Node component (ometascan-node) while updating engines online, or via Central Management.

Input validation

Enhanced and fixes bad input validation for data queries.

Service crashed in certain circumstance

Core component could be crashed when stopping the service immediately upon the product service start command.

Update from folder feature issue

Update from folder trigger failed to skip in what pre-configured for update pause time frame.

Failed to download big sanitized files

Failure could be exposed (failed to download) against big sanitized files in GB in size.

Product database migration issue

Failed for statistics data migration.

Proactive DLP regex validation failed for Unicode characters

Fixed to support encoded Unicode characters in Proactive DLP's regex (Proactive DLP version 2.5.0 or above is required)

Sanitized archive file contained blocked watermarked file

The issue could only happen when Proactive DLP was used with watermarking triggered on child files inside archive sanitization.