Format of a response to a scan POST request

If a scan POST request is successfully processed, the response body contains a JSON object with the following fields:

{ "object": "%SCAN_OBJECT%", "scanResult": "%SCAN_RESULT%", "detectionName": "%DETECTED_OBJECT%", "containsOfficeMacro": "%IS_MACRO_CONTAINED%", "subObjectsScanResults": [ { "object": "%SCAN_FILE%", "scanResult": "%SCAN_RESULT%", "detectionName": "%DETECTED_OBJECT%", "containsOfficeMacro": "%IS_MACRO_CONTAINED%" }, … { "object": "%SCAN_FILE%", "scanResult": "%SCAN_RESULT%", "detectionName": "%DETECTED_OBJECT%", "containsOfficeMacro": "%IS_MACRO_CONTAINED%" } ] }

where:

• object contains the full path to the scanned file (if a request is made to /api/v3.0/scanfile) or to a "memory" string (if a request is made to /api/v3.0/scanmemory).
• scanResult is the scan result and can have the following values:
  • CLEAN
  • DETECT
  • DISINFECTED
  • DELETED
  • NON_SCANNED
  • SERVER_ERROR

  If a request is made to /api/v3.0/scanfile or to /api/v3.0/scanmemory, the reason that the object is not scanned may be added to the NON_SCANNED result. For example:

  { "object": "\/home\/user\/Documents\/filestoscan\/test.zip", "scanResult": "NON_SCANNED (PASSWORD PROTECTED)", "containsOfficeMacro": "false" }

  Possible values:

  • NON_SCANNED (CANCELED)

    Scan canceled.

  • NON_SCANNED (CORRUPTED)

    The scanned object is corrupted.

  • NON_SCANNED (ACCESS DENIED)

    Access to the object is denied.

  • NON_SCANNED (SKIPPED)

    Scan skipped.

  • NON_SCANNED (PASSWORD PROTECTED)

    The object to scan is password protected.

  • NON_SCANNED

    The reason that the object is not scanned is not identified.

• detectionName is the name of the detected malicious object in the Kaspersky classification system.
• containsOfficeMacro is the binary flag that has a value of true if a macro was detected in the object and false otherwise.
• subObjectsScanResults is an array of scan results for each sub-object nested in the object that was scanned. This field with all of its sub-fields is only included in the response body if the scanned object contains nested sub-objects.
  • subObjectsScanResults/object is the path to the nested sub-object. Note that the path to the sub-object is separated from the path to its parent object by a double slash (//), for example:

    /home/user/archive.tar//folder/subobject

  • subObjectsScanResults/scanResult is the scan result for the nested sub-object.
  • subObjectsScanResults/detectionName is the name of the detected malicious object in the Kaspersky classification system.
  • subObjectsScanResults/containsOfficeMacro is the binary flag that has a value of true if a macro was detected in the nested sub-object and false otherwise.

If a POST scan request is processed with an error, the response body contains a JSON object with a single error field:

{ "error": "%ERROR_MESSAGE%" }

where error contains the description of the error that occurred during the request processing.

Additional fields in KAV protocol version 3.1

The reason field appears only if you use KAV protocol version 3.1. This field specifies the reason why the object is not scanned. This field appears if a request is made to /api/v3.1/scanfile or to /api/v3.1/scanmemory, and if the value of the scanResult field is NON_SCANNED.

Possible values:

• Canceled

  Scan canceled.

• Corrupted

  The scanned object is corrupted.

• Access denied

  Access to the object is denied.

• Skipped

  Scan skipped.

• Password protected

  The object to scan is password protected.

• Max depth exceeded

  The maximum depth of nested archives to be unpacked during scanning is exceeded.

Page top