The Workflow templates page is found under Policy > Workflow templates after successful login.
These workflow templates define the scanning methods that can be used by the rules.
MetaDefender Core comes with predefined workflow templates that cannot be modified; however, they can be copied, and the copies are fully customizable.
NOTE: These predefined workflow templates cannot be modified or removed.
It is highly recommended to use fewer workflow templates and more rules based on those workflow templates.
When clicking on a workflow template, a window pops up showing different tabs for the different kinds of properties of the workflow template.
On the Archive tab, archive handling can be enabled or disabled, and other parameters can be set.
The max recursion level defines how deep extraction should go into the archive. The maximum number of extracted files can also be set, as well as the overall maximum size of these files.
It is also possible to disable scanning of the archive itself, and a timeout for the whole process can be set.
During a scan it is possible to use blacklists/whitelists so that files can be skipped depending on their MIME type and extension. Both of these can be stored in the fields on the Blacklist/Whitelist tab. It is also possible to blacklist/whitelist all files belonging to the same group, such as executables, Microsoft Office files and others. When filtering by MIME type or filename, the filter is handled as a regular expression.
Exceptions can be defined in the Exceptions (by mime-type) section using regular expressions. For instance, if all office files have to be blocked except docx files, then the Office documents group should be chosen and the expression ^application\/vnd\.openxmlformats-officedocument\.wordprocessingml\.document$ should be given as the exception.
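The following added example (not OPSWAT code) models the "block the Office group except docx" case above to show why the exception expression is anchored with ^ and $. The group membership list is constructed sample data, the UNANCHORED pattern is a hypothetical looser variant, and matching anywhere in the string (Python re.search) is an assumption about how such a filter behaves.

```python
import re

# Constructed sample: MIME types assumed to belong to the "Office documents" group.
OFFICE_GROUP = {
    "application/msword",
    "application/vnd.ms-excel",
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
    "application/vnd.openxmlformats-officedocument.wordprocessingml.template",
    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
}

# The exception expression from the text above (docx only).
DOCX_ONLY = r"^application\/vnd\.openxmlformats-officedocument\.wordprocessingml\.document$"
# Hypothetical looser variant: no anchors, so it also matches as a prefix.
UNANCHORED = r"application\/vnd\.openxmlformats-officedocument"


def is_blocked(mime_type, blocked_group, exception_patterns):
    """Return True if mime_type is in the blocked group and no exception matches.

    Assumption: exceptions are applied with search semantics (a match anywhere
    in the string), which is why the anchors ^ and $ matter.
    """
    if mime_type not in blocked_group:
        return False
    return not any(re.search(p, mime_type) for p in exception_patterns)


def allowed_types(blocked_group, exception_patterns):
    """List the group members that a set of exceptions lets through."""
    return sorted(m for m in blocked_group
                  if not is_blocked(m, blocked_group, exception_patterns))


if __name__ == "__main__":
    for label, pattern in (("anchored", DOCX_ONLY), ("unanchored", UNANCHORED)):
        print(label, "exception lets through:")
        for mime in allowed_types(OFFICE_GROUP, [pattern]):
            print("  ", mime)
```

Under these assumptions the anchored expression excepts only docx, while the unanchored variant also lets through the template and spreadsheet types.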
Files can also be whitelisted by their checksums. For more information, please see the Whitelist (by hash) page.
The file type mismatch feature can be enabled on the tab. With this feature on, when the extension of the file does not match the available extensions for the actual file type, the scan result will be Filetype Mismatch.
The timeout for the different engines and for the whole scanning process can also be set. The maximum allowed size of scanned objects can be set on this tab as well.
It is possible to enable and set a threshold value for the failed engine results. If the number of failed engine results for the currently scanned object reaches this value, then the overall result will also be failed. This threshold value does not have an effect on suspicious or infected results.
If the provided workflows do not meet your requirements, please contact our support team via the OPSWAT Portal.
When the MetaDefender Cloud workflow element is enabled, the online database will be used. Existing scan results found by file hash will be shown on the result page.
By enabling data sanitization, files can be converted from a set of supported file types into another (or the same) file type. Doing so removes many vulnerabilities, making the resulting file safer. Both the types to be sanitized and the target file type can be set. The file name for sanitized files can be defined using the "Output filename format" field. For the usage and meaning of the variables, please refer to the Setup output file name page.
The maximum time allowed for data sanitization can be configured through the "Conversion timeout" and "Try count" options. The first means that data sanitization must finish within the configured timeframe, otherwise the conversion is aborted; the second is the number of times the product should retry after a failed conversion.
Beware, however, that possible data loss or change may occur during conversion, thus this feature is disabled by default.
Note that the data sanitization engine is currently available only for Windows nodes.
The result of sanitization can be either downloaded on the scan page or retrieved via REST using the data ID. See Fetch Scan Result. Note that the /hash API does not provide such information.
The length of time the system stores sanitized files can be set in Settings > Data retention.
By enabling 'Quarantine blocked files' all of the files which are blocked are automatically copied to the quarantine.
By enabling 'Fallback filetype detection to current extension if needed' (enabled by default), file type detection can use the extension of the currently processed file as a helping hand. For example, this could be useful when analyzing CSV files.
By enabling 'OVERRIDE SCAN RESULTS CLASSIFIED AS ALLOWED' it is possible to override the default behaviour of MetaDefender and determine which scan verdicts should result in an allowed status.
The scan results that are checked are marked as allowed.
By default only 'No Threat Detected' and 'Skipped Clean' verdicts result in allowed status.