If a scan POST request is successfully processed, the response body contains a JSON object with the following fields:
{ "object": "%SCAN_OBJECT%", "scanResult": "%SCAN_RESULT%", "detectionName": "%DETECTED_OBJECT%", "containsOfficeMacro": "%IS_MACRO_CONTAINED%", "subObjectsScanResults": [ { "object": "%SCAN_FILE%", "scanResult": "%SCAN_RESULT%", "detectionName": "%DETECTED_OBJECT%", "containsOfficeMacro": "%IS_MACRO_CONTAINED%" }, … { "object": "%SCAN_FILE%", "scanResult": "%SCAN_RESULT%", "detectionName": "%DETECTED_OBJECT%", "containsOfficeMacro": "%IS_MACRO_CONTAINED%" } ] } |
where:
object
contains the full path to the scanned file (if a request is made to /api/v3.0/scanfile
) or to a "memory"
string (if a request is made to /api/v3.0/scanmemory
).scanResult
is the scan result and can have the following values:CLEAN
DETECT
DISINFECTED
DELETED
NON_SCANNED
SERVER_ERROR
If a request is made to /api/v3.0/scanfile
or to /api/v3.0/scanmemory
, the reason that the object is not scanned may be added to the NON_SCANNED
result. For example:
{ "object": "\/home\/user\/Documents\/filestoscan\/test.zip", "scanResult": "NON_SCANNED (PASSWORD PROTECTED)", "containsOfficeMacro": "false" } |
Possible values:
NON_SCANNED (CANCELED)
Scan canceled.
NON_SCANNED (CORRUPTED)
The scanned object is corrupted.
NON_SCANNED (ACCESS DENIED)
Access to the object is denied.
NON_SCANNED (SKIPPED)
Scan skipped.
NON_SCANNED (PASSWORD PROTECTED)
The object to scan is password protected.
NON_SCANNED
The reason that the object is not scanned is not identified.
detectionName
is the name of the detected malicious object in the Kaspersky classification system.containsOfficeMacro
is the binary flag that has a value of true
if a macro was detected in the object and false
otherwise.subObjectsScanResults
is an array of scan results for each sub-object nested in the object that was scanned. This field with all of its sub-fields is only included in the response body if the scanned object contains nested sub-objects.subObjectsScanResults/object
is the path to the nested sub-object. Note that the path to the sub-object is separated from the path to its parent object by a double slash (//
), for example:/home/user/archive.tar//folder/subobject
subObjectsScanResults/scanResult
is the scan result for the nested sub-object.subObjectsScanResults/detectionName
is the name of the detected malicious object in the Kaspersky classification system.subObjectsScanResults/containsOfficeMacro
is the binary flag that has a value of true
if a macro was detected in the nested sub-object and false
otherwise.If a POST scan request is processed with an error, the response body contains a JSON object with a single error
field:
{ "error": "%ERROR_MESSAGE%" } |
where error
contains the description of the error that occurred during the request processing.
Additional fields in KAV protocol version 3.1
The reason
field appears only if you use KAV protocol version 3.1. This field specifies the reason why the object is not scanned. This field appears if a request is made to /api/v3.1/scanfile
or to /api/v3.1/scanmemory
, and if the value of the scanResult
field is NON_SCANNED
.
Possible values:
Canceled
Scan canceled.
Corrupted
The scanned object is corrupted.
Access denied
Access to the object is denied.
Skipped
Scan skipped.
Password protected
The object to scan is password protected.
Max depth exceeded
The maximum depth of nested archives to be unpacked during scanning is exceeded.