COM Interface

The Metadefender Core COM server externalizes COM (Microsoft’s Component Object Model) interfaces. The interfaces are all based on the IDispatch automation interface making integration possible from many scripting languages.

When the Metadefender Core Server starts (this happens when you log in or upon the first invocation of the server from a client), it starts updating all the supported antivirus engines on the system. The server repeats the update process at configurable intervals.

Before any method is called, a client instance must be initialized by calling Init or InitEx (deprecated). For APIs via callbacks, please refer to COM Connection Points.

Important Return Type

Scan outcome Return Type

Return value

Description

Note

0

No threat found

No threat detection or the file is empty.

1

Infected/Known

Threat is found.

2

Suspicious

Classified as possible threat but not identified as specific threat.

3

Failed To Scan

Scanning is not fully performed (For example, invalid file or no read permission). If no engine is included and scan is enabled, this will be the final result.

4

Cleaned

Threat is found and file is cleaned (repaired or deleted).

5

Unknown

Unknown scan result.

6

Quarantined

File is quarantined.

7

Skipped Clean

Scan is skipped because this file type is in whitelist.

8

Skipped Dirty

Scan is skipped because this file type is in blacklist.

9

Exceeded Archive Depth

Threat is not found, but there are more archive levels that were not extracted. This is affected by the Metadefender Core property,‘internal_archive_recursive_level’.

10

Not Scanned

Scan is skipped by the engine, either due to update or other engine specific reason. If scan is disabled, this is the final result.

11

Aborted

All ongoing scans are purged by StopScan API call.

12

Encrypted

File/buffer is not scanned because the file type is detected as encrypted (password-protected). If the Internal Archive Library is ON, encrypted return type is not going to be returned through Metadefender Core scan progress callbacks because the engines do not perform any scan operations. If the Internal Archive Library is OFF, Metadefender Core passes the encrypted files to the engines directly, bypassing the detection.

13

Exceeded Archive Size

The extracted archive is larger than set in the maximum file size for archive.

14

Exceeded Archive File Number

There are more files in the archive than set in the maximum number of files extracted.

15

Password Protected Document

Only workflow has this result.

Others

Return Type

Values

API/Connection points which use this return type

ThreatList

A threat list found on the scanned object, otherwise null (Threat name should NOT be used in a way that affects the application logic. For example, a threat name can be an empty string )

Scan

ScanEx

ScanAndClean

PutToScanQueue

PutToScanAndCleanQueue

FileTypeShort

“E” – Executable (EXE, DLL, …)

“D” – Document (MS Office word document, MS Office excel sheet)

“A” – Archive (Zip, Rar, Tar, …)

“G” – Graphical format (Jpeg, GIF, TIFF, BMP, …)

“F” – Folder

“Y” – Logical drive

“I” – Disk image

“T” – Text

“P” – PDF format

“M” – audio or video format

“Z” – mail messages (MSG, …)

“O” – Other (anything that is not recognized as one of the above)

Note: An ISO is treated as an archive file type (type “A”) and not as a disk image (type “I”).