Email Processing Workflow (Metadefender Core)

Email Processing

An email message consists of the email body and any attachments. Email attachments are application specific file formats while the email body format can be RTF, plain text, or HTML depending on how senders compose the message or which email client they use. When email is processed (e.g., multi-scan and data sanitization) by Metadefender, these components are scanned separately instead of being processed as a whole. By doing this Metadefender increases the detection of malware, file type mismatch and more. Also, Metadefender's data sanitization technology can be applied to the specific contents where it is applicable.

For example, an email body could be in HTML format and have two attachments, one PDF file and one mp3 audio file. if Metadefender administrators configure to scan all file types and sanitize PDF and HTML file types, the email body and PDF file attachment will be scanned and sanitized while the mp3 will only be scanned. The email will be recreated with these sanitized components and sent to the recipient.

Metadefender Mail Workflow

Metadefender Mail Workflow relies on Metadefender Core's "Mail Agent" workflow. You can modify the workflow through the following pages.

  • Sources > Metadefender Email > Workflows

images/download/attachments/20221023/image2016-6-14_14_43_58.png

  • Metadefender Core > configuration > Workflows

images/download/attachments/20221023/image2016-9-13_17_57_17.png

Modify Metadefender Core URL

  1. Navigate to the Metadefender Mail agent folder (by default, this is C:\Program Files (x86)\OPSWAT\Metadefender Core X\Metadefender Mail Agent).

  2. Open Metadefender.Email.Engine.Service.exe.config in a text editor and change the following section, replacing *DNS_or_IP* with your server's real DNS hostname or IP address.

    Original

    New

    <setting name="RestBaseUrl" serializeAs="String">
    <value>http://*DNS_or_IP*:8000</value>
    </setting>
    <setting name="QuarantineBaseUrl" serializeAs="String">
    <value>http://*DNS_or_IP*:8000</value>
    </setting>
    <setting name="QuarantineProtocol" serializeAs="String">
    <value>REST</value>
    </setting>
    <setting name="MetascanUrl" serializeAs="String">
    <value>http://*DNS_or_IP*:8008/metascan_rest</value>
    </setting>
    <setting name="RestBaseUrl" serializeAs="String">
    <value>https://*DNS_or_IP*</value>
    </setting>
    <setting name="QuarantineBaseUrl" serializeAs="String">
    <value>https://*DNS_or_IP*</value>
    </setting>
    <setting name="QuarantineProtocol" serializeAs="String">
    <value>REST</value>
    </setting>
    <setting name="MetascanUrl" serializeAs="String">
    <value>https://*DNS_or_IP*/metascan_rest</value>
    </setting>

  3. Restart the Metadefender Mail Agent service