Configuration From Config File

The Metadefender Mail Agent includes a set of configuration files that can be used to customize the application behavior and not most of the configurations are not available on management console.

Metadefender.Common.dll.config

Change will be applied within 30 seconds without restarting mail agent service.

Name

Description

Default Value

InstallationFolder

Installation folder

Run-time location of Metascan.Common.dll file

LogsFolder

Logs folder

[Installation folder]\Logs

LogMaxSize

Possible values are, for example 100MB, or 4DAYS.

7DAYS

LogFormat

Possible values are Text or Xml

Text

LogLevel

Possible values are Debug, Info, Warn, Error, Fatal

Debug

RestClientTimeoutMs

Default timeout in milliseconds until a REST call times out

60000

Metadefender.Email.Engine.Exchange[2007/2010/2013].Agent.dll.config

Any change on this config file requires restarting Microsoft Exchange Transport service.

Name

Description

Default Value

LogName

Log name

Metascan.Email.Engine.Exchange[2003/2007/2010/2013].Agent

LogFilename

Log file name

Metascan.Email.Engine.Exchange[2003/2007/2010/2013].Agent.log

PickupPath

Exchange Server Replay Path

Added at install time

AgentGuid

Agent Guid. Should be unique.

Added at install time

AgentStatusCheckInterval

Durations between agent status checks

00:00:20

Protocol

Protocol to use when sending process requests. Possible values are: REST

REST

RestBaseUrl

REST base url (Should point to Mail Agent, not MD Core)

http://localhost:8000/

UseQueueFile

Use a temp queue file when submitting email instead of streaming content via protocol

True

Metadefender.Email.Engine.Generic.Agent.dll.config

Change will be applied within 30 seconds without restarting mail agent service.

Name

Description

Default Value

WorkExtension

File extension to use when processing an email.

.work

BadExtension

File extension to use for a file that cannot be parsed or processed

.bad

AgentGuid

Agent Guid. Should be unique.

Added at install time

AgentStatusCheckInterval

Durations between agent status checks

00:00:20

Protocol

Protocol to use when sending process requests. Possible values are REST

REST

StartRestServer

Start the REST server

True

RestoreWorkItemsOnStartup

Rename any items with a work extension (.work) to .eml on service startup

True

EmailProcessedHeaderName

MIME Header name for emails processed by Mail Agent in order to avoid duplicates

X-Metadefender-EmailSecurity-Id

EmailRelayInProcessName

Process name for emailrelay.exe application

emailrelay

EmailRelayOutProcessName

Process name for emailrelayout.exe application

emailrelayout

EmailRelayInStart

Start Email relay process on service startup. (To monitor for incoming SMTP traffic)

True

EmailRelayInPort

Port to monitor by email relay

10025

EmailRelayInParameters

Parameters that are passed to email relay application

--no-daemon --remote-clients --hidden --as-server --port 10025 --spool-dir \"<dir>\"

EmailRelayOutStart

Start Email relay process on service startup. (To monitor outgoing email and forward via SMTP)

True

EmailRelayOutHosts

List of Name (or IP adress) and port of server(s) to forward all email to. Multiple servers are separated with a comma (,)
For exampe: server1:25,server2:25

Note: Ensure that when the setting is updated the config file doesn't contain settings called 'EmailRelayOutServer' or 'EmailRelayOutPort' (delete them if they exist).

localhost:25

EmailRelayOutParameters

Parameters that are passed to email relay application

--no-daemon --hidden --no-smtp --poll 1 --forward-to localhost:25 --spool-dir \"<dir>\"

EmailRelayInDirection

Determine the direction of emails. Possible values :

0 = Incoming
1 = Outgoing
2 = Determine email direction using the local domain list in parameter EmailRelayInLocalDomains

(If sender's email domain exists in parameter EmailRelayInLocalDomains direction is outgoing, or else incoming)

0

EmailRelayInLocalDomains

List of local domains. Separate multiple domains with a semi colon (;). For example opswat.com;mycompany.com.

Used to perform recipient verification (any recipient with a domain different than the specified domain(s) will be rejected at the SMTP protocol level).

Also used when EmailRelayInDirection is set to 2 in order to determine direction.

*

(by default all domains are accepted)

EmailRelayInQueueThreshold

Maximum inbound email queue size (exceeding this value will generate an email alert)

100

EmailRelayOutQueueThreshold

Maximum outbound email queue size (exceeding this value will generate an email alert)

100

EmailRelayOutRetryStart

Start the retry monitor thread (for emails that failed submission)

True

EmailRelayOutRetryInterval

Duration between submit retries (increasing with retry count).

00:00:30

EmailRelayOutRetryMaxInterval

Maximum duration between retries.

00:10:00

EmailRelayOutRetryCount

Maximum number of submit retries before email is moved to permanent failure

60

EmailRelayOutQueue
BadThreshold

Maximum number of .bad files in email queue (exceeding this value cause email alert to be generated)

10

EmailRelayOutPermanent
FailureThreshold

Maximum number of items in permanent failure (exceeding this value cause email alert to be generated)

1

EmailRelayOutMaxConnections

Maximum number of simultaneous SMTP connections when forwarding emails to remote server.

OS dependant

EmailRelayInRetryStart

Start the retry monitor thread (for emails that failed processing)

True

EmailRelayInRetryInterval

Minimum duration between process retries

00:01:00 (1 minute)

EmailRelayInRetryCount

Maximum number of process retries before email is moved to process failure

10

MaxMonitorProcessThreads

Maximum number of emails processed simultaneously

Dynamically calculated

FastNoAttachment
ProcessingEnabled

Avoid sending emails without attachments for processing (improved performance)

True

LowPriorityMinSize

Minimum size (in MB) for emails that will be processed on the low priority threads

1.5

HighPriorityMaxSize

Maximum size (in MB) for emails that will be processed on the high priority threads

0.1

UseAdjustingThreads

Specifies if monitoring threads for incoming emails should adjust thread count dynamically or have fixed count

yes

AddressValidation

Specifies if Mail Agent should perform address validation on the incoming emails to detect invalid address (e.g. root@smth, ..@stop, inv'/alid)

true

EmailRelayInUseTls

Enable TLS for incoming SMTP connections

false

EmailRelayInForceTls

Force all incoming SMTP connections to use TLS (only used when EmailRelayInUseTls is true)

false

EmailRelayOutUseTls

Enable TLS for outgoing SMTP connections

false

EmailRelayInTlsCertificate

TLS certificate for incoming SMTP connections (only used when EmailRelayInUseTls is true) Example:-----BEGIN CERTIFICATE-----MIIFYDCCA0igAwIBAgIJALmTg...-----END CERTIFICATE-----

null

EmailRelayInTlsKey

TLS certificate private key for incoming SMTP connections (only used when EmailRelayInUseTls is true) Example:

-----BEGIN PRIVATE KEY-----MIIJQgIBADANBgkqhkiG9w0BA....-----END PRIVATE KEY-----

null

EmailRelayOutClientCertificate

Client certificate for outoing SMTP connections (used when a server requests a client certificate) Example:
-----BEGIN CERTIFICATE-----MIIJQgIBADANBgkqhkiG9w0BA....
-----END CERTIFICATE-----

null


Metadefender.Quarantine.Mail.dll.config

Name

Description

Default Value

StartRestServer

Start the REST server (SmtpConfiguration)

True

SubmitCommandTimeout

Timeout for SMTP commands

00:01:00 (1 minute)

EmailSubmission
RequestExpireSpan

TTL (Time To Live) for an SMTP submit request. If email has not been submitted within this timespan the request is lost

01:00:00 (1 hour)


Metadefender.Engine.History.dll.config

Any change on this config file requires restarting Mail agent service.

Name

Description

Default Value

HistoryEntryExpireSpan

Duration to keep history entries in the database

91:00:00 (91 days)

StartRestServer

Start the REST server (History)

True


Metadefender.Email.Engine.Processor.dll.config

Any change on this config file requires restarting Mail agent service.

Name

Description

Default Value

StartRestServer

Start the REST server (Processor)

True

ConvertTnefMessagesToSmtp

Convert TNEF encoded emails to MIME format

False

MonitorMode

Enables a monitoring mode of the Mail Agent. When set, no emails will be sanitized or quarantined (even when infected etc.)

False

AddXHeadersToOutgoingEmail

Force Mail Agent to add x-headers (Custom Email Headers) to outgoing emails

False

EmailProcessedHeaderName

MIME Header name for emails processed by Mail Agent in order to avoid duplicates

X-Metadefender-EmailSecurity-Id

EmailAddCustomXHeaders

Add custom x-headers to each email processed by Mail Agent. See Custom Email Headers for more information.

 

EmailBlockedQuarantineMode

Option to move blocked emails to MD Core quarantine or submit them via SMTP for quarantine by other service.

Possible values are REST (MD Core Quarantine) or SMTP

REST

EmailSanitizedQuarantineMode

Option to move original copy of sanitized emails to MD Core quarantine or submit them via SMTP for quarantine by other service.

Possible values are REST (MD Core Quarantine) or SMTP

REST

EmailQuarantineHeaderName

The name of the X-Header that will be added to emails when EmailBlockedQuarantineMode or EmailSanitizedQuarantineMode is set to SMTP.

Header value will always be 'True'

X-Metadefender-To-Quarantine

DoSpfCheck

Enables SPF (Sender Policy Framework) lookups in Mail Agent. Result is placed in a header.

False

SpfCheckHeaderName

The name of the X-Header where to store the SPF lookup result

X-Metadefender-Spf-Result

SpfCheckReasonName

The name of the X-Header where to store a reason for a failed/skipped SPF lookup

X-Metadefender-Spf-Reason


Metadefender.Scanner.dll.config

Change will be applied within 30 seconds without restarting mail agent service.

Name

Description

Default Value

MetascanMode

Possible values areCOM, RESTv1 and RESTv2

RESTv2

MetascanScanTimeout

Scanning timeout

00:05:00

MetascanScanQueueTimeout

Metadefender Core In Queue timeout

00:05:00

MetascanScanProgressPauseMS

Used in RESTv2 mode. Pause (in ms) between progress request calls

100

MaxMetadefenderCore
InQueueThreshold

If this limit is exceeded an alert will be sent saying that Metadefender Core is unresponsive and email delivery might be slower

250

MetadefenderUnavailableRetrySpan

Minimum pause for retry after a Metadefender Core goes down (only applicable if multiple scanners are configured)

00:01:00

MetadefenderAvergeScanTimeSpan

Span for for scan times when calculating average scan time (when using multiple MD Cores)

00:01:00

UrlPrioritzationMethod

Metadefender Core Url prioritization method. Possible vaules: RoundRobin, Circular, ScanTime

RoundRobin

LogAllRequests

Increased logging. When set to true it will log all GET requests for getting scan settings and email disclaimers

false

Metadefender.Quarantine.dll.config

Any change on this config file requires restarting Mail agent service.

Name

Description

Default Value

MaintenanceInterval

Interval between checking folder actions & auto-deliver

00:00:30

RunAutoActionThread

Start the thread checking folder actions & auto-deliver

True

CompressionMode

Quarantine item compression mode. Possible values are None, Zip

Zip

MonitoringFolderId

Predefined Quarantined folder id

 

QuarantineReportId

Predefined Quarantine Report id

 

StartRestServer

Start the REST server (Quarantine)

True

ReportUidExpireSpan

Expiry time for entries used to record which quarantine items were inlucded in Quarantine Reports

1095:00:00

MaxQuarantineItemSize

Maximum buffer size when accepting quarantine items via REST

long max value

EmailAlertExpireSpan

The minimum interval between unique email alerts (errors). This is used to prevent too many alerts being sent during continuous errors

01:00:00


Metadefender.Email.Engine.Service.exe.config

Any change on this config file requires restarting Mail agent service.

Name

Description

Default Value

LogName

Log name

Metascan.Email.Engine.Service

LogFilename

Log file name

Metascan.Email.Engine.Service.log

ComponentList

List of component loaded by service at startup

 

RestBaseUrl

REST server base URL

http://<computer_name>:8000

QuarantineBaseUrl

Metadefender Core Quarantine server base URL

http://<computer_name>:8000

MetascanUrl

Metadefender Core REST URL

http://<core_url>:8008/metascan_rest

MetascanApiKey

Metascan API key (encrypted)

 

StatusCheckInterval

Interval between component status checks (for error alerts)

00:00:30

UsePerformanceCounters

Creates a performance counter category (Metadefender Generic Mail Agent) for monitoring and recording processing data

False

ScanEmailBody

Specifies if Mail Agent should scan the body of the email

True

MaxRetries

Maximum number of retries before quit trying to connect to Metadefender Core

10000

TimeBetweenRetries

Number of milliseconds before attempting to connect to Metadefender Core

6000

UpdateUrlsOnStartup

Specifies if the service should attempt to update config URLs at startup.

Note: If MD Core load balancing is configured (multiple MetascanUrl's) no URL update will be performed for that setting, regardless of this value.

True

MetadefenderCoreIsLocal

Specifies if Metadefender Core is installed locally

True when installed with Metadefender Core

False when installed remotely

ConnectionCheckOnStartup

Specifies if Mail Agent should do a connection + valid license test on service startup. If enabled Mail Agent will not intercept emails before MD Core is responding.

False


Metadefender.Quarantine.Service.exe.config

Any change on this config file requires restarting Mail agent service.

Name

Description

Default Value

MongoDbUrl

Mongo DB URL

mongodb://localhost:27018

MongoDbUrlEncryptionMode

MongoDb Url value encryption mode. Possible values are None, Encrypted

None

MongoDbName

MongoDB database name

MetadefenderQuarantine

MongoDBStartupTimeout

Timeout to wait for MongoDB to respond

00:00:30

LogName

Log name

Metascan.Email.Engine.Quarantine.Service

LogFilename

Log file name

Default is Metascan.Email.Engine.Quarantine.Service.log

ComponentList

List of component loaded by service at startup

 

RestBaseUrl

REST server base URL

http://<computer_name>:8000

QuarantineBaseUrl

Metadefender Core Quarantine server base URL

http://<computer_name>:8000

MetascanUrl

Metadefender Core REST URL

http://<core_url>:8008/metascan_rest

MetascanApiKey

Metadefender API key (encrypted)

 

WebBaseUrl

Metadefender Web Site base URL

http://<core_url>:8008//management/#

MongoDBStartupTimeout

Time to wait for MongoDB database to start

00:00:30

UpdateUrlsOnStartup

Specifies if the service should attempt to update config URLs at startup

True

MetadefenderCoreIsLocal

Specifies if Metadefender Core is installed locally

True when installed with Metadefender Core

False when installed remotely


Metadefender.Engine.Statistics.dll.config

Any change on this config file requires restarting Mail agent service.

Name

Description

Default Value

StartRestServer

Start the REST server (Statistics)

True

StatisticsEntryExpireSpan

Duration to keep statistics entries in the database

31:00:00

StatisticsEntryInterval

Interval used when storing statistics. Possible values are Minute, TenMinute, Hour, Day

Minute

Metadefender.Engine.Events.dll.config

Any change on this config file requires restarting Mail agent service.

Name

Description

Default Value

EventEntryExpireSpan

Duration to keep system event entries in the database

91:00:00 (91 days)

StartRestServer

Start the REST server (Events)

True


XML schema for config file

Below is a sample configuration file.

File Format
<?xml version="1.0"?>
<configuration>
<applicationSettings>
<[namespace]>
<setting name="[name]" serializeAs="String">
<value>[value]</value>
</setting>
</[namespace]>
</applicationSettings>
</configuration>

Attribute

Description

namespace

For display reasons only. For example: Metadefender.Common

name

Setting name. Example: InstallationFolder

value

Setting value. Example: c:\MyInstallFolder