2.1.3. Overview of the Gmalcore engine

The Gmalcore detection engine enables:

• detecting malware by means of a static and heuristic multi-engine analysis of files in real time

• scanning via 16 anti-virus engines

• scanning capacity close to 200,000 files per 24 hours

• obtain the name(s) of the threat and a threat score

• rapid identification of threats

The 16 anti-virus engines are displayed under the name `engine hash` in the web interface.

Maximum file size	50 MB
Analysis timeout	2 minutes
Type	light

Events generated by Gmalcore are displayed in the `Heuristic` section of the GBox analysis report.

---

2.1.3.1. Viewing the Gmalcore status

Viewing the current state of the engine is shown in the `Analysers` screen of the Web UI.

---

2.1.3.2. Gmalcore update

Updates are available for the Gmalcore engine.

These updates can be done manually or scheduled via GUM.

See the Overview of GUM: dedicated module for managing updates section and in particular the Updates to detection signatures and/or anti-virus engines section.

---

2.1.3.3. Configuring Gmalcore

The Gmalcore configuration shows engine statuses including status, date of last update, etc.

The configuration GUI is described in the `Gmalcore configuration` screen section.

The implementation of the Gmalcore configuration is provided in Procédure to configure the Gmalcore engine.

---