Metadefender Core

Metadefender Core

Metadefender Core

Developer’s Description


Metadefender is a powerful and flexible security solution for ISVs, IT admins and malware researchers, providing simultaneous access to multiple anti-malware engines, heuristics, data sanitization and additional threat protection technologies residing on a single system.

At the heart of the solution, the Metadefender Core multi-scanning engine uses up to 40+ anti-malware engines to scan files for threats, significantly increasing malware detection.

Metadefender can be used to analyze a large database of files and provide extensive data points about which engines have detected each threat. It is also easy to use alongside other analysis software, including dynamic analysis solutions, to provide detailed contextual information about files.

Metadefender Core exposes a rich set of APIs that can be used to build powerful multi-scanning and data sanitization features into existing solutions and security architectures. Our flexible integration options include both REST and COM, making Metadefender Core an attractive option for a variety of users. IT administrators make use of these APIs to build Metadefender Core into their network architecture alongside dynamic analysis solutions, file upload servers, and MFTs. Software developers at ISVs often utilize the APIs to integrate the extra security provided by Metadefender into their development processes. See our use cases for a range of anti-malware API solutions that can be created with Metadefender Core.

The available APIs include basic methods for scanning a file and retrieving existing scan results using a SHA1, SHA256 or MD5 hash, as well as methods for rescanning files, downloading previously scanned files and retrieving the queue size. APIs are also available for retrieving statistics from Metadefender Core, including file type information, scan history, recent threats and server health.

Metadefender Core is designed with the ability to deploy in offline environments. We provide mechanisms for downloading and distributing antivirus updates to any offline Metadefender Core servers so that the virus definitions can be kept up-to-date, even in secure, locked-down environments with limited or no network connectivity. This is important for air-gapped facilities that need to isolate their environment. In air-gapped environments, customers often use Metadefender Core with the Metadefender Kiosk to regulate the flow of data into the organization. Read the Metadefender Kiosk deployment options page for examples of offline deployment setups, or view our offline update configuration video to review the process in detail.

All Metadefender Core packages also provide the ability to implement an in-house file scanning site, like our Metadefender demo, given certain technical requirements. This web interface feature can create a complete, static file scanning solution suitable for malware analysis in off-line or locked-down environments, allowing everyone with a web browser in your network to quickly determine the status of a file (clean or infected) as well as the particular threat identified (class of malware, name, engines that detected the threat).

Metadefender Core has multiple anti-malware scanning engines embedded within its framework at the API level. This means that scanning operations are executed from a single system with a high level of performance, which cannot be achieved by simply passing files to separate command-line or GUI based versions of anti-malware products. Anyone looking to integrate with an anti-malware solution created by Kaspersky Lab or Symantec via API or SDK will find Metadefender Core to be an ideal security solution.

On-premises, Metadefender Core can be deployed on both Windows and Linux appliances. Metadefender Core supports many different 64-bit Linux distributions, including Debian, Red Hat Enterprise Linux, CentOS and Ubuntu. Metadefender Core for Linux provides enhanced security features as well as load balancing for high-volume scanning by deploying multiple scan agents with one Metadefender Core server. Metadefender Core for Linux can be used in high-availability deployments using Linux tools such as Heartbeat and Corosync

OPSWAT MetaDefender Core protects your organization by preventing advanced cybersecurity threats across multiple data channels. MetaDefender Core enables you to integrate advanced malware prevention and detection capabilities into your existing IT solutions and infrastructure for better handling common attack vectors: securing web portals from malicious file upload attacks, augmenting cybersecurity products, and developing your own malware analysis systems.

Release Highlights

Enforce Mutual Authentication for Callbacks

MetaDefender Core 4.21.2 provides an additional security mode for HTTPS callbacks. This enhancement helps prevent man-in-the-middle attacks, as threat actors can attempt to leverage the communication between MetaDefender Core and its clients to intercept and tamper with passing messages.

The mutual authentication for secured webhook mode adds a security layer to prevent situations like this from happening. Learn more about webhook authentication

Webhook Callback for Sanitized File Download (beta)

Once a file that isn’t password-protected has been sanitized, MetaDefender Core will send both the results and the sanitized file content back to the client via a webhook callback.

Before this version, only the analysis results information (file type, number of anti-virus engines, scan status, etc.) were returned through webhook.

SSL Connection Between MetaDefender Core and PostgreSQL

Secure Sockets Layer (SSL) helps in protecting data by encrypting information into undecipherable formats. Version 4.21.2 supports SSL certificates to secure data in transit between MetaDefender Core and PostgreSQL.



Product Overview

OPSWAT MetaDefender Core protects your organization by preventing advanced cybersecurity threats on multiple data channels. MetaDefender Core leverages several proprietary technologies, including Deep Content Disarm and Reconstruction (Deep CDR), Multiscanning, File-Based Vulnerability Assessment, Data Loss Prevention and Threat Intelligence.

Release Highlights

Exclude Password-Protected Documents from Blocklist

Until this release, sanitization of password-protected documents was not supported. These files were blocklisted when you enabled the “BLOCKLIST UNSUPPORTED FILE TYPE” option in the Deep CDR workflow rule.

Now, via the new setting, you can exclude them from falling under the blocklist category. In your Workflow rule, go to the Deep CDR tab, and check the box EXCEPT THE PASSWORD PROTECTED OFFICE DOCUMENTS.

By default, this setting is not enabled to keep backward compatibility.

New CLI Tool to Analyze and Deeply Vacuum Database

PostgreSQL databases can become bulkier over time with high scanning traffic. In this version, we include the new file ometascan-vacuum-db that is bundled with your MetaDefender Core installation. When running simultaneously with MetaDefender Core, this tool will analyze your PostgreSQL database, vacuum the database effectively, and simplify IT administration processes.

Although not required, we recommend that you run this tool when MetaDefender Core scanning is at rest or not during peak hours to avoid scanning performing impact.

You can download the ometascan-vacuum-db file here:

  • Windows: <MetaDefender Core installation folder>\ometascan-vacuum-db.exe
  • Linux: /usr/sbin/ometascan-vacuum-db

Upgraded Third-Party Libraries

We made adjustments to the upgraded third-party libraries in MetaDefender Core 4.21.1 for even more security enhancement:

  • (Built-in) PostgreSQL from 12.6 to 12.7
  • NGINX web server from 1.18.0 to 1.20.1
  • Remove outdated jsPDF 1.5.3

New Scan Status for Vulnerability Assessment

When the Vulnerability Assessment module is not enabled, the relevant vulnerability results in the MetaDefender Core scan result UI will be shown as “not configured”, instead of “no vulnerability found”.



MetaDefender Core allows you to integrate advanced malware protection and detection into your IT solutions and applications, for instance to secure web portals from file upload attacks, enhance cyber security products, and develop malware analysis systems.

Using our REST API, you can easily leverage MetaDefender’s high-speed multiscanning, deep content disarm and reconstruction (Deep CDR), and file-based vulnerability assessment technologies, preventing zero-day attacks and unknown threats as well as providing close to 100% known threat detection, without affecting performance. MetaDefender Core also includes proactive data loss prevention (Proactive DLP) capabilities to detect and block sensitive content in files.

MetaDefender Core Features

Deep Content Disarm and Reconstruction (Deep CDR)

Sanitize and reconstruct over 30 common file types, ensuring maximum usability with safe content. Over 100 file reconstruction options are available. For example, to allow you to flatten files to less complex formats.


Choose from over 30 leading anti-malware engines in flexible package options. Third party anti-malware licenses are included.

File-Based Vulnerability Assessment

Scan binaries and installers to detect known application vulnerabilities before they are executed on endpoint devices, including IoT devices.

Proactive Data Loss Prevention (Proactive DLP)

Content-check 30+ common file types for sensitive information before they are transferred.


Use almost any programming language to leverage MetaDefender technology

File Type Verification

Verify over 4500 File types to combat spoofed file attacks

Workflow Engine

Create your own workflow for multiscanning and deep content disarm and reconstruction (Deep CDR) and customize the order and process in which files are handled, based on user, file source, and file type.

Deployment Platforms

Deploy on Windows or Linux servers in your environment, even if it is air-gapped, or in our cloud using

Archive Extraction

Multiscanning and deep content disarm and reconstruction (Deep CDR) for more than 30 types of compressed files. Archive handling options are configurable, and encrypted archives are supported.


  • Prevent File-borne Threats
  • Protect Sensitive Information
  • Easy Deployment via REST API
  • Maximize Threat Detection
  • High Performance

Leave a Reply

Your email address will not be published. Required fields are marked *