2.4.3. Archive Handling
The Archive Handling configuration determines how archives are handled within Metadefender Core. If archive handling is enabled, Metadefender Core extracts archives and scans the individual files within the archive.
-
Most common archive formats are supported, including Zip, PKLite, 7z, Jar, Jarc, rar, rar5, tar, taz, ISO, Gzip, CAB, ARC, ARJ, LZH, RPM, DEB, LZMA, WIM, SFX, XZ. Metadefender Core can also extract self-extracting archives created by both 7zip and WinRAR.
-
MS Office file (from 2007) is treated as an archive file when scanning.
The following settings apply if archive handling is enabled:
Property |
Description |
Default Value |
CLI config |
Additional info |
Enable Archive Handling |
Enables Metadefender Core’s archive library handling. |
Enabled |
le=<0|1> |
|
Max Recursion Level |
The maximum depth that Metadefender Core will continue to extract archives for scanning. After this depth is reached, Metadefender Core does not extract further archives but scans those archives as entire files. If the setting is 0, archives are not extracted. |
5 |
rl=<levels> |
Maximum value: 2147483646 |
Number of Files |
The maximum number of files that can be in an archive that Metadefender Core is extracting. If the number of files in an archive exceeds this value, Metadefender Core returns the result as a potential threat. |
50 |
an=<number> |
Maximum value: 2147483646 |
Total Size |
The maximum total size of files that can be in an archive that Metadefender Core is extracting. If the total size of files in an archive exceeds this value, Metadefender Core returns the result as a potential threat. |
2 GB |
as=<size in MB> |
Maximum value: Half the current available free space of the Metadefender Core temporary directory. If two temporary directories are set from different drives, the highest available space will be used. |
Simultaneous |
Specifies if multiple archive files undergo extraction concurrently. This may improve performance on a multi-core CPU, but means that the ram-drive size should be increased (since more unpacked archives may reside on it at the same time). |
Disabled |
ec=<0|1> |
|
Self-Extracting |
Specifies whether self-extracting archives should be extracted and treated as archives. |
Disabled |
sx=<0|1> |
|
Scan Original Un-extracted File |
In addition to scanning files inside of an archive after extraction, un-extracted archives are sent directly to engines for scanning. Note: If “extract_archive” for an engine is enabled, this potentially exposes performance overhead because extraction happens twice, once by Metadefender Core and once by the engine. |
Disabled |
soa=<0|1> |
|
Note: Microsoft Office Documents (e.g., DOCX files) are detected as archive files. OPSWAT recommends that you enable the option to scan the original un-extracted archive. These files are then scanned without being extracted.