In Part 2 of this blog series, I covered why it is important to do the following things in order to protect systems from malicious file uploads:

1. Scan files with one or more antivirus engines
2. "Sanitize" files via data sanitization
3. Extract archive files
4. Verify file type

See Part 1 of this series.
See Part 2 of this series.

In this post, I will explain how Metadefender antivirus API integrations enable file upload security solutions that do all four. I will also provide some technical details for those who would like to leverage our APIs.

Metadefender APIs

Metadefender is the leading fully automated malware prevention and detection system. Including innovative data sanitization (Content Disarm and Reconstruction), vulnerability assessment, and multi-scanning technology, Metadefender is the only cyber security platform that analyzes any kind of data and blocks, repairs, or recommends patching based on the Report generated.

OPSWAT offers a rich set of Metadefender REST APIs that system administrators and developers can use to integrate dynamic security features into their security architectures. These APIs can integrate with existing security for file upload servers to completely block malicious file uploads.

Metadefender offers a REST API integration for:

• Multi-scanning
  • Scan for known and unknown malware (signature and heuristic scanning)
  • A direct and simple way to integrate with the most reputable anti-malware solutions by leveraging their antivirus APIs
• Data sanitization/Content Disarm and Reconstruction
  • Remove any embedded objects that might be malicious from productivity documents
  • Sanitize documents "hidden" in an archive
• Archive extraction
  • Block archive bombs
  • Increase malware detection ratio by opening archives and analyzing each file individually
• File type verification
  • Detect the true file type of a file

Another extremely important Metadefender technology is the Metadefender Workflow Engine, which allows you to customize the exact workflow you need in order to properly analyze and to block any unwanted files.

API Integration for File Uploads: Instructions

In order to properly integrate with our Metadefender APIs, we recommend the following flow:

Analyze a file:

1. Submit a scan file request by calling the /file API endpoint
   • The process is done asynchronously and each request will be parallelized
   • The JSON response will provide a data_id, which is the unique identifier for the original request
2. Retrieve scan report
   • The scan report should be requested based on the received data_id
   • The request will be done to /file/{data_id}
     • The scan report will return partial data until the file is processed
     • Keep pooling until scan_results.progress_percentage is 100
3. Always check process_info node
   • process_info.result will provide data on status of the file: allowed/blocked
   • Always check process_info.post_processing node
     • This will provide insights about the additional steps defined in the workflow
     • This node should be used to retrieve the sanitized productivity document

The integration flow is detailed below (click the diagram to see a zoomable, full-size version):

Click diagram to see full-size version

Key Features

Environment

• Support for:
  • Windows (XP, Vista, 7, 8, 10)
  • Windows Server (2008, 2008R2, 2012, 2012R2, 2016)
  • Linux
    • CentOS 6.6, 7.0+, RedHat Enterprise 6.6, 7.0+
    • Debian 7.0
    • Ubuntu 12.04, 14.04
• Support for VMWare and VirtualBox
• Cloud integration available via Metadefender.com

Engines

• Over 30 anti-malware engines on-premises and over 40 in the cloud
• Over 90 data sanitization engines available for both on-premises and cloud deployments
• Over 30 supported archives
• Over 15,000 supported applications by the Metadefender Vulnerability Engine

Integration

• REST API for automated integration into your workflow (HTTP/S)
• Leverage official integrations by 30 technology partners
• STIX export available for Metadefender Core
• Threat intelligence feeds available for Metadefender.com

Deployment

• Online or offline environments
• Air-gapped environments supported by Metadefender
• Thousands of deployments worldwide, a third of which are in offline environments
• Remote assisted installations and workshops

Special Features

• Sanitize specialized productivity documents (JTD, HWP, XML)
• Notification of vulnerabilities within applications before installing them
• Protection from spoofing attacks and archive bombs
• Optimized archive scanning and sanitization

More Information

Want to see some sample reports? Take a look at our weekly multi-scanning efficiency for top threats statistics, data sanitization reports, or outbreak reports. Please get in touch for pricing information, evaluation accounts, technical presentations, or to request a quote.

See Part 1 of this series.
See Part 2 of this series.