OPSWAT Launches MetaDefender Cloud Email Security. Read More

MetaDefender Cloud

Cloud-Based Advanced Threat Prevention and Malware Analysis

MetaDefender Cloud API provides enterprise malware researchers, incident response teams, and technology providers with comprehensive APIs to leverage advanced threat detection and prevention technologies.

Using our REST API, organizations can easily add cloud-based detection and prevention of cybersecurity threats using deep content disarm and reconstruction (Deep CDR) and multiscanning with 20+ anti-malware engines. Our “Trust no file” philosophy led us to create a cloud platform dedicated to securing organizations against file-based attacks.

Analyze suspicious files and URLs

Files continue to be the main attack vector used today. Organizations running critical infrastructure must take strong preventive measures in their day-to-day operations to protect against attacks. CISOs and SOCs face great challenges to keep the security of organizations up to date with the latest industry best practices. OPSWAT builds market-leading technologies with malware detection and prevention capabilities. MetaDefender Cloud makes OPSWAT technologies available in a comprehensive cloud-based service, fast and highly available.



Increase detection rates, decrease outbreak detection times and provides resiliency to anti-malware vendor issues. Simultaneous analysis using 20+ industry-leading antimalware engines such as McAfee, Kaspersky, or Bitdefender, using signatures, heuristics and machine learning.

No single engine detects all possible malware. See how detection rates compare depending on the number of AV engines involved in multiscanning in our Package Efficacy Report.

Samples: Dridex,Wannacry, Phobos

Deep CDR

Prevent Zero-Day and targeted attacks using OPSWAT’s Deep CDR technology (ranked # 1 in the industry). We assume all files are malicious and sanitize and rebuild each file preserving the same visual data with safe content.

The technology is highly effective for preventing unknown threats, including zero-day targeted attacks and threats that are equipped with malware evasion technology.

Samples: Word document, PDF, RTF

Sandbox Dynamic Analysis

Detonate malware in a controlled environment to expose malicious behavior by recording and classifying file behavior. Not all malware is detectable by static methods such as multiscanning, especially new malware relying on zero-day attacks. OPSWAT Sandbox expands the malware detection capabilities of MetaDefender Cloud, giving organizations a complete toolset of security technologies.

Sample: Dragonfly, Kronos, Emotet

Rich Metadata

MetaDefender Cloud analyzes and extracts rich file metadata, giving security professionals access to information that exposes potential file irregularities or malicious capabilities. This includes Portable Executable information, EXIF data, Android manifest and others.

OPSWAT detects and classifies files based on software vendors and products and ties the data together with the vulnerability database from NIST, and data reported from hundreds of thousands of live endpoints running MetaAccess.

Samples: APK Metadata, Binary Reputation,PEinfo, EXIF

Threat intelligence platform

40+ Billion Hashes

We have collected file reputation data since 2012: multiscanning results and file metadata classified by MD5, SHA1, and SHA256 hashes to build a comprehensive file lookup service for our users. We offer flexible daily limits and our REST API is simple and easy to use. We currently have over 40 billion hashes in our database.


Threat Intelligence Feeds

We provide live feeds for both blocklisting and allowlisting hashes which can also be used in offline environments.
The feeds are updated instantly with the latest file hashes analyzed by our platform from various sources including malware sharing programs, customer files and more.

Read more

IP and Domain Intelligence

By applying the same multiscanning principles, we gather data from multiple real-time online sources specialized in IP addresses, domain and URL reputation to provide a lookup service that returns aggregated results to our users.

Read more

Community Driven

MetaDefender Cloud is also available as a free service with users from all around the world including malware analysts and security professionals looking to unveil hidden malware in files and internet locations. We encourage our community to contribute files and vote on results, and we share this information with every user.

Join our community

Use cases

Prevent Malicious File Uploads

Preventing malicious file uploads for web applications that are bypassing sandboxes and single anti-malware detection solutions.

Deep Content Disarm and Reconstruction (Deep CDR): Disarm 90+ common file types, and reconstruct each file ensuring full usability with safe content.

Scan with 20+ anti-malware engines using signatures, heuristics, and machine learning technology for the highest and earliest detection of known and unknown threats.

Perform Malware Analysis Quickly and Effectively

Performing malware analysis quickly and effectively. Malware analysts can take advantage of more than 20 anti-malware engines. The MetaDefender Cloud platform is easy to license and keeps data completely private with commercial options that do not store your files in the cloud. Your files will be processed privately in a temporary storage location and removed immediately after the analytical report is finished.

Prevent Unknown Threats with Deep CDR and Multiscanning

Adding advanced threat detection and prevention features to cybersecurity products. Reputation features can also be added to customer solutions. We provide sample code and detailed API documentation to help you bootstrap your integration. You can use almost any programming language to leverage MetaDefender technology with our APIs and your developers will get their prototypes done quickly without an additional learning curve

Supplement Your Threat Intelligence Framework

Threat Intelligence starts with the collection of information. Since 2012, OPSWAT has gathered malware data from a wide range of sources: free users, customers, our OEM community, and other cybersecurity vendors. The result is a massive online database of malware hashes and malware-related information.

OPSWAT's threat intelligence feed enables organizations to leverage real-time malware data collected by the MetaDefender Cloud platform from all around the world. Organizations integrate our up-to-date threat intelligence into their existing tools or solutions to protect their infrastructure against threats.

Protect Your Salesforce Environment

OPSWAT Cloud Security for Salesforce is a cloud-based security solution designed to complement the native security capabilities of the Salesforce platform. There are two modules – one for endpoint compliance and the other for file protection.

This solution inspects every device for endpoint security policy compliance before granting access to Salesforce. It also scans and sanitizes every file uploaded to Salesforce to prevent any potentially malicious content from hiding inside the file before it is made available in Salesforce.

Learn more about Cloud Security for Salesforce

Why choose a cloud security product?

Reliable & Scalable

Our cloud solution takes the burden of managing a software infrastructure from your organization.

Let us handle scaling, resiliency, updating, and many more, with an uptime of 99.9%!

Build-in privacy

Private scanning allows users to submit files to be analyzed by OPSWAT without sharing the file content.

After the analysis finishes, files are deleted from OPSWAT servers.

Up to date

We manage updating our infrastructure so your organization does not have to worry about engine definitions, software updates or unpatched vulnerabilities.

24/7 Support

With Standard, Gold and Platinum support levels available, our operators are always there to help your organization in case you experience any service issues.

Use cases

Web UI

The UI offers users full access to all the features offered by MetaDefender Cloud. For manual malware analysis or individual file and IP-Domain verification, the Web UI is a great tool to use from Desktop or Mobile.



All the functionality is also exposed as a REST API. With straightforward apikey authentication, easy to integrate into any application or SIEM, the API is perfect for automating file and IP-domain analysis.

Rest Api

Compliance & Certifications

Logo Iso

ISO 9001

Logo Aicpa

ISO 27001

Logo Aicpa

SOC2 Type 2

Licensing models

Prevention API

The MetaDefender Cloud Prevention API enables flexibility in processing and use of different technologies including:

  • Scanning a file by file upload
  • Data sanitization (Deep CDR) requests
  • Unarchiving and scanning individual files

Reputation API

The MetaDefender Cloud Reputation API includes multiple methods for information recall (single and bulk) including:

  • Retrieving scan reports using a file hash
  • Scanning IP addresses, URLs and domains
  • File metadata lookup

Analysis API

Analysis API includes access to our Sandbox dynamic analysis technology:

  • Execute files on multiple operating systems
  • Automated interpretation of the behavior
  • Configurable analysis settings

Please visit our licensing page for more details or contact us.