Kaspersky Scan Engine

Format of a response to a scan POST request

If a scan POST request is successfully processed, the response body contains a JSON object with the following fields:

where:

• object contains the full path to the scanned file (if a request is made to /api/v3.0/scanfile) or to a "memory" string (if a request is made to /api/v3.0/scanmemory).
• scanResult is the scan result and can have the following values:
  • CLEAN
  • DETECTED
  • DISINFECTED
  • DELETED
  • NON_SCANNED
  • SERVER_ERROR
• detectionName is the name of the detected malicious object in the Kaspersky Lab classification system.
• containsOfficeMacro is the binary flag that has a value of true if a macro was detected in the object and false otherwise.
• subObjectsScanResults is an array of scan results for each sub-object nested in the object that was scanned. This field with all of its sub-fields is only included in the response body if the scanned object contains nested sub-objects.
  • subObjectsScanResults/object is the path to the nested sub-object. Note that the path to the sub-object is separated from the path to its parent object by a double slash (//), for example:

    /home/user/archive.tar//folder/subobject

  • subObjectsScanResults/scanResult is the scan result for the nested sub-object.
  • subObjectsScanResults/detectionName is the name of the detected malicious object in the Kaspersky Lab classification system.
  • subObjectsScanResults/containsOfficeMacro is the binary flag that has a value of true if a macro was detected in the nested sub-object and false otherwise.

If a POST scan request is processed with an error, the response body contains a JSON object with a single error field:

where error contains the description of the error that occurred during the request processing.