Linux

The configuration file for the server is located in /etc/ometascan/ometascan.conf

After modifying the server configuration file you must restart the Metadefender Core service in order for the changes to take effect. You should use the distribution-standard way to restart the service.

[global] section

parameter	default value	required	description
restaddress	0.0.0.0	required	One of the IP addresses of the computer that runs the product to serve REST API and web user interface (0.0.0.0 means all interface)
restport	8008	required	Designated port number for the web and REST interface
address		optional	Address of the computer to accept external scan node connections
port		optional	Designated port number to accept external scan node connections
report_engine issue	true	optional	Enable reporting of engine issue count. (possible values: "true" or "false").
quarantinepath	[Core data directory]/quarantine	optional	Directory for quarantine database and quarantined items
sanitizepath	[Core data directory]/sanitized	optional	Directory for sanitized database and sanitized items

[logger] section

key	default value	required	description
logfile	/var/log/ometascan/ometascan.log	optional	Full path of a logfile to write log messages to
loglevel	info	optional	Level of logging. Supported values are: debug, info, warning, error
syslog		optional	Switch on logging to a local ('local') or remote ('protocol://<hostname>:<port>') syslog server (Multiple server can be specified separated with comma)
syslog_level		optional	Level of logging. Supported values are: debug, info, warning, error
local_timezone	false	optional	Set local timezone for events sending to local syslog server
override		optional	Override specific log ids to display them on another level e.g.: "1723:error,663:info"
cef	false	optional	If true, the log format is Common Event Format.
nginx_logfile	/var/log/ometascan/nginx-ometascan.log	optional	File name and path to store the NGINX logs. If this value is changed, the /etc/logrotate.d/ometascan should be changed accordingly.

You should set both of syslog and syslog_level or none of them and you should set both of logfile and loglevel or none of them.

For override a list of log message ids needed with optionally a level. If there is no level set for an id, it will be displayed on every occasion. e.g.: "1723,663:info" means id 1723 dump message will be displayed every time and id 663 warning message is reduced to info level.

[internal] section

key	default value	required	description
data_directory	/var/lib/ometascan	optional	Full path for MD Core’s data (database, updates etc.) E.g. /var/lib/ometascan/test
db_optimization	0	optional	This setting is only applicable MetaDefender Core version 4.17.3 or above. Database optimization has been introduced since Core 4.17.0 to help run database queries faster on MetaDefender Core. The downside could be, while this task is running (for a few seconds), further data queries need to hold up and possibly causing timeout on client side. If this parameter is enabled (set to 1), then MetaDefender Core performs a database optimization task. Supported values: 0 (default mode, same behavior like Core 4.16.3 or older): scheduled_db_optimization_time setting will be ignored. 1 (enabled to run optimize): If scheduled_db_optimization_time setting is not set: MD Core run database optimization for every 10,000 records, not tied to any specified time. Otherwise if scheduled_db_optimization_time is set to X (from 0:00 to 23:59): MD Core performs the optimization at X (e.g. 3:00 am) each day. Do not run optimization every 10,000 records.
scheduled_db_optimization_time	`<hh>:<mm>` `(`24 hour format)	optional	This setting is only applicable MetaDefender Core version 4.17.3 or above. This setting is only applicable when and only when db_optimization setting is set to 1 (enabled). When being set, then MetaDefender Core performs a database optimization at the time configured. E.g.: Configure MetaDefender Core to perform the optimization at 10:35 PM every day: scheduled_db_optimization_time value = 22`:35`

Windows

The configuration for the server is located in Windows Registry

After modifying the server configuration file you must restart the MetaDefender Core service in order for the changes to take effect.

Default logging target is Windows event log with default level of info (see below).

HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metascan\global

parameter	default value	type	required	description
restaddress	0.0.0.0	string value	required	One of the IP addresses of the computer that runs the product to serve REST API and web user interface (0.0.0.0 means all interface)
restport	8008	string value	required	Designated port number for the web and REST interface
address		string value	optional	Address of the computer to accept external scan node connections
port		string value	optional	Designated port number to accept external scan node connections
report_engine issue	true	string value	optional	Enable reporting of engine issue count. (possible values: "true" or "false").
quarantinepath	[installdir]\data\quarantine	string value	optional	Directory for quarantine database and quarantined items
sanitizepath	[installdir]\data\sanitized	string value	optional	Directory for sanitized database and sanitized items

Reporting of engine issue count

If reporting of engine issue count is enabled, Metadefender Core v4 server will send only the number of initialization errors and number of unexpected stops for the specific db/engine version. This information is sent over a HTTPS channel when the product downloads the latest package descriptors. This information is used for early detection of any specific 3rd party engine quality issues.

HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metascan\logger

key	default value	type	required	description
logfile		string value	optional	Location of a logfile to write log messages to.
loglevel		string value	optional	Level of logging. Supported values are: debug, info, warning, error. Must set value on this key when logfile key is also set accordingly.
log_rotation	0	string value	optional	This setting is only applicable MetaDefender Core version 4.17.3 or above, Windows OS only (on Linux, we use already-supported OS log rotation). Should only set this key when logfile key is also set accordingly. Supported values: 0 (default mode, same behavior like MetaDefender Core 4.17.2 or older): Core logs are not rotated. 1 (enable to rotate log): Rotation process will be performed every day, regardless of file size. Limit rotated log to be stored is 30 files, the oldest log will be deleted if file number reaches the limit. Rotated log name format: <logname>-<yyyyMMdd>.gz (e.g.: core.log-20200330.gz), all saved in same location with what you set in logfile. All generated log packages included in MetaDefender Core support package.
wineventlog_level	info	string value	optional	Level of logging. Supported values are: debug, info, warning, error.
syslog		string value	optional	Value can only by in form of 'udp://<hostname>:<port>' (Multiple server can be specified separated with comma)
syslog_level		string value	optional	Level of logging. Supported values are: debug, info, warning, error. Must set value on this key when syslog key is also set accordingly.
local_timezone	false	string value	optional	Set local timezone for events sending to local syslog server.
override		string value	optional	Override specific log ids to display them on another level e.g.: "1723:error,663:info".
cef	false	string value	optional	If true, the log format is Common Event Format.
nginx_logfile	[installdir]\nginx\nginx.log	string value	optional	File name and path to store the NGINX logs.
nginx_log_rotation	0	string value	optional	This setting is only applicable MetaDefender Core version 4.17.3 or above, Windows OS only (on Linux, we use already-supported OS log rotation). Should only set this key when nginx_logfile key is also set accordingly. Supported values: 0 (default mode, same behavior like Core 4.17.2 or older): Nginx logs are not rotated. 1 (enable to rotate log): Rotation process will be performed every day, regardless of file size. Limit rotated log to be stored is 30 files, the oldest log will be deleted if file number reaches the limit. Rotated log name format: <logname>-<yyyyMMdd>.gz (e.g.: nginxlog.log-20200330.gz), all saved in same location with what you set in nginx_logfile. All generated log packages included in MetaDefender Core support package

Please note, if a data entry to be used does not exist, it should be created first.

HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metascan\internal

key	default value	type	required	description
data_directory	<MD Core installation folder>\data	string value	optional	Full path for MD Core’s data (database, updates etc.) E.g. D:\custom_path
db_optimization	0	string value	optional	This setting is only applicable MetaDefender Core version 4.17.3 or above. Database optimization has been introduced since Core 4.17.0 to help run database queries faster on MetaDefender Core. The downside could be, while this task is running (for a few seconds), further data queries need to hold up and possibly causing timeout on client side . If this parameter is enabled (set to 1), then MetaDefender Core performs a database optimization task. Supported values: 0 (default mode, same behavior like Core 4.16.3 or older): scheduled_db_optimization_time setting will be ignored. 1 (enabled to run optimize): If scheduled_db_optimization_time setting is not set: MetaDefender Core run database optimization for every 10,000 records, not tied to any specified time. Otherwise if scheduled_db_optimization_time is set to X (from 0:00 to 23:59): MD Core performs the optimization at X (e.g. 3:00 am) each day. Do not run optimization every 10,000 records.
scheduled_db_optimization_time	`<hh>:<mm>` `(`24 hour format)	string value	optional	This setting is only applicable MetaDefender Core version 4.17.3 or above. This setting is only applicable when and only when db_optimization setting is set to 1. When being set, then MD Core performs a database optimization at the time configured. E.g.: Configure MetaDefender Core to perform the optimization at 10:35 PM every day: scheduled_db_optimization_time value = 22`:35`

3.2.1. Startup Core Configuration