3.2.1. Startup Core Configuration

Linux

The configuration file for the server is located in /etc/ometascan/ometascan.conf

After modifying the server configuration file you must restart the Metadefender Core service in order for the changes to take effect. You should use the distribution-standard way to restart the service.

[global] section

parameter

default value

required

description

restaddress

0.0.0.0

required

One of the IP addresses of the computer that runs the product to serve REST API and web user interface (0.0.0.0 means all interface)

restport

8008

required

Designated port number for the web and REST interface

address

 

optional

Address of the computer to accept external scan node connections

port

 

optional

Designated port number to accept external scan node connections

report_engine issue

true

optional

Enable reporting of engine issue count. (possible values: "true" or "false")

quarantinepath

[Core data directory]/quarantine

optional

Directory for quarantine database and quarantined items

sanitizepath

[Core data directory]/sanitized

optional

Directory for sanitized database and sanitized items

dbmode

1

optional

Support database mode, possible values:

  • 0: Not used for now, reserved

  • 1: Standalone Core (default)

  • 2: Not used for now, reserved

  • 3: Non-persistent mode (Core will not write any scan result into database, client must use webhook scanning fashion to retrieve scan result)

After changed, a Core service restart is required to take effect.

Only available starting MetaDefender Core 4.19.2

[logger] section

key

default value

required

description

logfile

/var/log/ometascan/ometascan.log

optional

Full path of a logfile to write log messages to

loglevel

info

optional

Level of logging. Supported values are: debug, info, warning, error

syslog

 

optional

Switch on logging to a local ('local') or remote ('protocol://<hostname>:<port>') syslog server

(Multiple server can be specified separated with comma)

syslog_level

 

optional

Level of logging. Supported values are: debug, info, warning, error

local_timezone

false

optional

Set local timezone for events sending to local syslog server

override

 

optional

Override specific log ids to display them on another level e.g.: "1723:error,663:info"

cef

false

optional

If true, the log format is Common Event Format.

nginx_logfile

/var/log/ometascan/nginx-ometascan.log

optional

File name and path to store the NGINX logs. If this value is changed, the /etc/logrotate.d/ometascan should be changed accordingly.

You should set both of syslog and syslog_level or none of them and you should set both of logfile and loglevel or none of them.

For override a list of log message ids needed with optionally a level. If there is no level set for an id, it will be displayed on every occasion. e.g.: "1723,663:info" means id 1723 dump message will be displayed every time and id 663 warning message is reduced to info level.

[internal] section

key

default value

required

description

db_connection

10

optional

Define maximum number of concurrent connections allows MetaDefender Core to open to work with PostgreSQL database server.

Only available starting MetaDefender Core 4.19.1

data_directory

/var/lib/ometascan

optional

Full path for MD Core’s data (database, updates etc.)

E.g. /var/lib/ometascan/test

db_optimization

0

optional

This setting is only applicable MetaDefender Core version 4.17.3 or above.

Database optimization has been introduced since Core 4.17.0 to help run database queries faster on MetaDefender Core. The downside could be, while this task is running (for a few seconds), further data queries need to hold up and possibly causing timeout on client side.

If this parameter is enabled (set to 1), then MetaDefender Core performs a database optimization task.

Supported values:

  • 0 (default mode, same behavior like Core 4.16.3 or older): scheduled_db_optimization_time setting will be ignored.

  • 1 (enabled to run optimize):

    • If scheduled_db_optimization_time setting is not set: MD Core run database optimization for every 10,000 records, not tied to any specified time.

    • Otherwise if scheduled_db_optimization_time is set to X (from 0:00 to 23:59): MD Core performs the optimization at X (e.g. 3:00 am) each day. Do not run optimization every 10,000 records.

scheduled_db_optimization_time

<hh>:<mm> (24 hour format)

optional

This setting is only applicable MetaDefender Core version 4.17.3 or above.

This setting is only applicable when and only when db_optimization setting is set to 1 (enabled). When being set, then MetaDefender Core performs a database optimization at the time configured.

E.g.: Configure MetaDefender Core to perform the optimization at 10:35 PM every day:

  • scheduled_db_optimization_time value = 22:35

Windows

The configuration for the server is located in Windows Registry

After modifying the server configuration file you must restart the MetaDefender Core service in order for the changes to take effect.

Default logging target is Windows event log with default level of info (see below).

HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metascan\global

parameter

default value

type

required

description

restaddress

0.0.0.0

string value

required

One of the IP addresses of the computer that runs the product to serve REST API and web user interface (0.0.0.0 means all interface)

restport

8008

string value

required

Designated port number for the web and REST interface

address

 

string value

optional

Address of the computer to accept external scan node connections

port

 

string value

optional

Designated port number to accept external scan node connections

report_engine issue

true

string value

optional

Enable reporting of engine issue count. (possible values: "true" or "false").

quarantinepath

[installdir]\data\quarantine

string value

optional

Directory for quarantine database and quarantined items

sanitizepath

[installdir]\data\sanitized

string value

optional

Directory for sanitized database and sanitized items

dbmode

1

string value

optional

Support database mode, possible values:

  • 0: Not used for now, reserved

  • 1: Standalone Core (default)

  • 2: Not used for now, reserved

  • 3: Non-persistent mode (Core will not write any scan result into database, client must use webhook scanning fashion to retrieve scan result)

After changed, a Core service restart is required to take effect.

Only available starting MetaDefender Core 4.19.2

Reporting of engine issue count

If reporting of engine issue count is enabled, Metadefender Core v4 server will send only the number of initialization errors and number of unexpected stops for the specific db/engine version. This information is sent over a HTTPS channel when the product downloads the latest package descriptors. This information is used for early detection of any specific 3rd party engine quality issues.

HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metascan\logger

key

default value

type

required

description

logfile

 

string value

optional

Location of a logfile to write log messages to.

loglevel

 

string value

optional

Level of logging. Supported values are: debug, info, warning, error.

Must set value on this key when logfile key is also set accordingly.

log_rotation

1

string value

optional

This setting is only applicable MetaDefender Core version 4.17.3 or above, Windows OS only (on Linux, we use already-supported OS log rotation).

Should only set this key when logfile key is also set accordingly.

Supported values:

  • 0 (same behavior like MetaDefender Core 4.17.2 or older): Core logs are not rotated.

  • 1 (default mode), enable to rotate log:

    • Rotation process will be performed every day, regardless of file size.

    • Limit rotated log to be stored is 30 files, the oldest log will be deleted if file number reaches the limit.

    • Rotated log name format: <logname>-<yyyyMMdd>.gz (e.g.: core.log-20200330.gz), all saved in same location with what you set in logfile.

    • All generated log packages included in MetaDefender Core support package.

wineventlog_level

info

string value

optional

Level of logging. Supported values are: debug, info, warning, error.

syslog

 

string value

optional

Value can only by in form of 'udp://<hostname>:<port>'

(Multiple server can be specified separated with comma)

syslog_level

 

string value

optional

Level of logging. Supported values are: debug, info, warning, error.

Must set value on this key when syslog key is also set accordingly.

local_timezone

false

string value

optional

Set local timezone for events sending to local syslog server.

override

 

string value

optional

Override specific log ids to display them on another level e.g.: "1723:error,663:info".

cef

false

string value

optional

If true, the log format is Common Event Format.

nginx_logfile

[installdir]\nginx\nginx.log

string value

optional

File name and path to store the NGINX logs.

nginx_log_rotation

1

string value

optional

This setting is only applicable MetaDefender Core version 4.17.3 or above, Windows OS only (on Linux, we use already-supported OS log rotation).

Should only set this key when nginx_logfile key is also set accordingly.

Supported values:

  • 0 (same behavior like Core 4.17.2 or older): Nginx logs are not rotated.

  • 1 (default mode), enable to rotate log:

    • Rotation process will be performed every day, regardless of file size.

    • Limit rotated log to be stored is 30 files, the oldest log will be deleted if file number reaches the limit.

    • Rotated log name format: <logname>-<yyyyMMdd>.gz (e.g.: nginxlog.log-20200330.gz), all saved in same location with what you set in nginx_logfile.

    • All generated log packages included in MetaDefender Core support package

Please note, if a data entry to be used does not exist, it should be created first.

HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metascan\internal

key

default value

type

required

description

db_connection

10

string value

optional

Define maximum number of concurrent connections allows MetaDefender Core to open to work with PostgreSQL database server.

Only available since MetaDefender Core 4.19.1

data_directory

<MD Core installation folder>\data

string value

optional

Full path for MD Core’s data (database, updates etc.)

E.g. D:\custom_path

db_optimization

0

string value

optional

This setting is only applicable MetaDefender Core version 4.17.3 or above.

Database optimization has been introduced since Core 4.17.0 to help run database queries faster on MetaDefender Core. The downside could be, while this task is running (for a few seconds), further data queries need to hold up and possibly causing timeout on client side .

If this parameter is enabled (set to 1), then MetaDefender Core performs a database optimization task.

Supported values:

  • 0 (default mode, same behavior like Core 4.16.3 or older): scheduled_db_optimization_time setting will be ignored.

  • 1 (enabled to run optimize):

    • If scheduled_db_optimization_time setting is not set: MetaDefender Core run database optimization for every 10,000 records, not tied to any specified time.

    • Otherwise if scheduled_db_optimization_time is set to X (from 0:00 to 23:59): MD Core performs the optimization at X (e.g. 3:00 am) each day. Do not run optimization every 10,000 records.

scheduled_db_optimization_time

<hh>:<mm> (24 hour format)

string value

optional

This setting is only applicable MetaDefender Core version 4.17.3 or above.

This setting is only applicable when and only when db_optimization setting is set to 1. When being set, then MD Core performs a database optimization at the time configured.

E.g.: Configure MetaDefender Core to perform the optimization at 10:35 PM every day:

  • scheduled_db_optimization_time value = 22:35