MetaDefender Configuration

IP address of the computer that runs MetaDefender Core to serve REST API and web user interface (* means listening from all interfaces including IP version 4 and 6).

Just in case IP version 6 is not enabled on the system, then changing it to 0.0.0.0 to limit to IP version 4 only.

Support database mode, possible values:

• 0: Not used for now, reserved
• 1: Standalone Core (default)
• 2: Core instance in Distributed Cluster deployment
• 3: Non-persistent mode (Core will not write any scan result into database, client must use webhook scanning fashion to retrieve scan result)
• 4: Shared database model (all Core instances will share the same database)

After changed, a Core service restart is required to take effect. Only available starting MetaDefender Core 4.19.2

Full path of a directory to use for storing temporary files rather than using their default directories: /var/tmp/ and /tmp

Users need to prepare this directory in advance.

MetaDefender Core creates a subfolder called ometascanand ometascan/resources in the directory.

Default: /var/tmp/ometascan/resources/

Should only set this key when logfile key is also set accordingly. Supported values:

• 0: All logs are not rotated, except for NGINX log.
• 1 (default mode), enable to rotate log:
  • Rotation process will be performed every day or when file size reaches 1GB.
  • Limit rotated log to be stored is 30 files, the oldest log will be deleted if file number reaches the limit.
  • Rotated log name format: <logname>-<yyyyMMdd>.gz (e.g.: core.log-20200330.gz), all saved in same location with what you set in logfile.
  • All generated log packages included in MetaDefender Core support package.

Override specific log ids to display them on another level e.g.: "1723:error,663:info"

If there is no level set for an id, it will be displayed on every occasion. e.g.: "1723,663:info" means id 1723 dump message will be displayed every time and id 663 warning message is reduced to info level.

When enabled (set to 1), upgrading MetaDefender Core will auto skip migrating history processing data which is usually big in size (only migrate configurations and audit history).

This setting is to save upgrade time when users do not need to migrate entire scan data.

Set maximum number of threads (files) sending to engine at the same time, applicable to all engines

Exception:

• Archive engine (extraction): default = -1 (unlimited)
• Archive engine (compression): default = 20
• Proactive DLP engine: default = 5
• Sandbox engine: default=5

<enginename> is the first part of engine id which all can be found in <MD Core folder>\data\updates\metadescriptor

For example:

engine id: symantec_1_windows → <enginename> = symantec

Some common use-cases:

• ds (parallelcount_ds): Deep CDR engine. By default, parallelcount_ds = 20
• 7z (parallelcount_7z): Archive engine, applicable to archive extraction only. By default, parallelcount_7z = -1 (unlimited threads)
  • 7z_extract (parallelcount_7z_extract): Archive engine, extraction only. By default, parallelcount_7z_extract = -1 (unlimited threads)
    • 7z_compress (parallelcount_7z_compress) : Archive engine, compression only for archive sanitization. By default, parallelcount_7z_compress = 20

Fine-tuning this interval between the range of 100-200ms may help stabilize the performance and processing time when dealing with small archive files or office document files under high load.

In case this polling interval is set to out of range (invalid number, < 100, or > 1000), the application cannot start, and an exception will log to system event log.

IP address of the computer that runs MetaDefender Core to serve REST API and web user interface (* means listening from all interfaces including IP version 4 and 6).

Just in case IP version 6 is not enabled on the system, then changing it to 0.0.0.0 to limit to IP version 4 only.

Support database mode, possible values:

• 0: Not used for now, reserved
• 1: Standalone Core (default)
• 2: Core instance in Distributed Cluster deployment
• 3: Non-persistent mode (Core will not write any scan result into database, client must use webhook scanning fashion to retrieve scan result)
• 4: Shared database model (all Core instances will share the same database)

After changed, a Core service restart is required to take effect. Only available starting MetaDefender Core 4.19.2

Full path of a directory to use for storing temporary files.

Users need to prepare this directory in advance.

MetaDefender Core creates a subfolder called resources in this folder.

Default: <installation directory>\data\resources

Level of logging. Supported values are: debug, info, warning, error.

Must set value on this key when logfile key is also set accordingly.

This setting is only applicable on Windows only (on Linux, we use built-in OS log rotation). Should only set this key when logfile key is also set accordingly. Supported values:

• 0: Core logs are not rotated.
• 1 (default mode), enable to rotate log:
  • Rotation process will be performed every day or when file size reaches 1GB.
  • Limit rotated log to be stored is 30 files, the oldest log will be deleted if file number reaches the limit.
  • Rotated log name format: <logname>-<yyyyMMdd>.gz (e.g.: core.log-20200330.gz), all saved in same location with what you set in logfile.
  • All generated log packages included in MetaDefender Core support package.

Override specific log ids to display them on another level e.g.: "1723:error,663:info".

If there is no level set for an id, it will be displayed on every occasion. e.g.: "1723,663:info" means id 1723 dump message will be displayed every time and id 663 warning message is reduced to info level.

This setting is only applicable on Windows only (on Linux, we use built-in OS log rotation). Should only set this key when nginx_logfile key is also set accordingly. Supported values:

• 0: Nginx logs are not rotated.
• 1 (default), enable to rotate log:
  • Rotation process will be performed every day, regardless of file size.
  • Limit rotated log to be stored is 30 files, the oldest log will be deleted if file number reaches the limit.
  • Rotated log name format: <logname>-<yyyyMMdd>.gz (e.g.: nginxlog.log-20200330.gz), all saved in same location with what you set in nginx_logfile.
  • All generated log packages included in MetaDefender Core support package

When enabled (set to 1), upgrading MetaDefender Core will auto skip migrating history processing data which is usually big in size (only migrate configurations and audit history).

This setting is to save upgrade time when users do not need to migrate entire scan data.

Set maximum number of threads (files) sending to engine at the same time, applicable to all engines

Exception:

• Archive engine (extraction): default = -1 (unlimited)
• Archive engine (compression): default = 20
• Proactive DLP engine: default = 5
• Sandbox engine: default=5

<enginename> is the first part of engine id which all can be found in <MD Core folder>\data\updates\metadescriptor

For example:

engine id: symantec_1_windows → <enginename> = symantec

Some common use-cases:

• ds (parallelcount_ds): Deep CDR engine. By default, parallelcount_ds = 20
• 7z (parallelcount_7z): Archive engine, applicable to archive extraction only. By default, parallelcount_7z = -1 (unlimited threads)
  • 7z_extract (parallelcount_7z_extract): Archive engine, extraction only. By default, parallelcount_7z_extract = -1 (unlimited threads)
    • 7z_compress (parallelcount_7z_compress) : Archive engine, compression only for archive sanitization. By default, parallelcount_7z_compress = 20

Fine-tuning this interval between the range of 100-200ms may help stabilize the performance and processing time when dealing with small archive files or office document files under high load.

In case this polling interval is set to out of range (invalid number, < 100, or > 1000), the application cannot start, and an exception will log to system event log.