When an HTTP request is made to scan a file or a block of memory, there are two ways to increase the detection rate by specifying an optional scan task context:
The url field of the POST request body: http://example.com
The supported protocols are HTTP, HTTPS, and FTP.
If the URL is unknown, we recommend that you use http://example.com as the scan task context.
A sender's email address in the form [from:%sender_address%], for example: [from:example@example.com]
If the sender's email address is unknown, we recommend that you use [from:test@relay.example] as the scan task context.
Below is an example of an HTTP request to scan a local file received from the web. Note the use of the url field to specify the web address of origin:

POST /api/v3.0/scanfile HTTP/1.0
Content-Type: application/octet-stream
Content-Length: 22

{
  "timeout": "10000",
  "object": "\/home\/user\/eicar",
  "url": "http:\/\/example.com"
}
The response is the same as in section "Example of an HTTP request to scan a local file".
The requestHeaders and responseHeaders fields of the POST request body.

Note that you can combine the two types of scan task context to further boost the detection rate. In the example below, the request and response headers are specified along with the web address of origin.

POST /api/v3.0/scanfile HTTP/1.0
Content-Type: application/octet-stream
Content-Length: 22

{
  "object": "\/home\/user\/eicars.tar",
  "requestHeaders": ":authority: example.com\r\n:method: GET\r\n:path: \/\r\n:scheme: https\r\naccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,image\/apng,*\/*;q=0.8\r\naccept-encoding: gzip, deflate, br\r\naccept-language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7,mt;q=0.6\r\ncache-control: no-cache\r\npragma: no-cache\r\nupgrade-insecure-requests: 1\r\nuser-agent: Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/71.0.3578.98 Safari\/537.36",
  "responseHeaders": "accept-ranges: bytes\r\ncache-control: max-age=604800\r\ncontent-type: text\/html; charset=UTF-8\r\ndate: Thu, 31 Jan 2019 18:51:11 GMT\r\netag: \"1541025663\"\r\nexpires: Thu, 07 Feb 2019 18:51:11 GMT\r\nlast-modified: Fri, 09 Aug 2013 23:54:35 GMT\r\nserver: ECS (dca\/532C)\r\nstatus: 200\r\nvary: Accept-Encoding\r\nx-cache: HIT",
  "url": "http:\/\/example.com"
}
The successfully processed request will result in the following response:
HTTP/1.0 200 Ok
Connection: close
Content-Type: text/plain
Server: KAVHTTPD/1.0
X-KAV-ProtocolVersion: 3
Date: Wed, 30 Jan 2019 15:46:29 GMT
Content-Length: 75

{
  "object": "\/home\/user\/eicars.tar",
  "scanResult": "DETECTED",
  "detectionName": "multiple",
  "subObjectsScanResults": [
    {
      "object": "\/home\/user\/eicars.tar\/\/eicar1",
      "scanResult": "DETECTED",
      "detectionName": "EICAR-Test-File"
    },
    {
      "object": "\/home\/user\/eicars.tar\/\/eicar2",
      "scanResult": "DETECTED",
      "detectionName": "EICAR-Test-File"
    }
  ]
}
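One way to build the request bodies shown above from a client, as an added example that is not part of the original documentation. The helper names are hypothetical, the input checks are this example's own, and it assumes the [from:...] form is sent in the url field like a web address.

```python
# Added example; helper names are this example's own, not part of the scan engine API.
import json
from urllib.parse import urlsplit

SUPPORTED_SCHEMES = {"http", "https", "ftp"}   # protocols the page lists
UNKNOWN_URL = "http://example.com"             # page's fallback for an unknown URL
UNKNOWN_SENDER = "[from:test@relay.example]"   # page's fallback for an unknown sender


def url_context(web_address=None):
    """Scan task context for a file that was received from the web."""
    if not web_address:
        return UNKNOWN_URL
    if urlsplit(web_address).scheme.lower() not in SUPPORTED_SCHEMES:
        raise ValueError(f"unsupported protocol in {web_address!r}")
    return web_address


def sender_context(sender=None):
    """Scan task context for a file that was received by email."""
    if not sender:
        return UNKNOWN_SENDER
    # Assumed check: keep brackets and line breaks out of the [from:...] wrapper.
    if any(c in sender for c in "[]\r\n") or "@" not in sender:
        raise ValueError(f"not a plain email address: {sender!r}")
    return f"[from:{sender}]"


def header_block(headers):
    """Join (name, value) pairs into the CRLF-separated string used on the page."""
    for name, value in headers:
        # Captured headers are untrusted; a line break would add a forged header line.
        if "\r" in name + value or "\n" in name + value:
            raise ValueError(f"line break inside header {name!r}")
    return "\r\n".join(f"{name}: {value}" for name, value in headers)


def scanfile_body(path, context, request_headers=None, response_headers=None, timeout=None):
    """Build the JSON body for POST /api/v3.0/scanfile with optional context fields."""
    body = {"object": path, "url": context}
    if timeout is not None:
        body["timeout"] = str(timeout)   # the page sends the timeout as a string
    if request_headers:
        body["requestHeaders"] = header_block(request_headers)
    if response_headers:
        body["responseHeaders"] = header_block(response_headers)
    return json.dumps(body)
```

json.dumps writes / unescaped; the \/ form used in the requests above decodes to the same JSON string.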