How can I run tests to see the different scan results on MetaDefender Core?

The following is a list of possible MetaDefender Core scan results and suggestions of tests you can perform to have MetaDefender Core return each of these results. The descriptions of the results can be found here: https://onlinehelp.opswat.com/corev3/Description_of_Scan_Results.html

  • Clean: Test this result by scanning any file you are certain is clean (e.g., a newly created text file).

  • Infected/Known:

    1. Download an EICAR test file from http://www.eicar.org/85-0-Download.html.

    2. Scan

  • Suspicious: This result is usually caused by an engine's heuristic algorithm. Since each engine has it's own unique heuristic algorithims, we do not have sample files for each of the engines. The attached file below has been used for testing and will provide a suspicious scan result. This will be detected by XVirus–one of 42 engines that are included in MetaDefender Cloud (http://metadefender.com)

  • FailedToScan:

    1. If you have other antivirus software which is installed separately from MetaDefender Core, turn on real time protection (The third party antivirus software must be configured to scan the Temp directory of MetaDefender Core; by default the location is C:\Windows\Temp).

    2. Scan an infected file (e.g., eicar file),

    3. Result should be FailedToScan if the test was conducted correctly.

  • Cleaned: Test this case by setting Clean Action to "Delete", and scan an infected file. To do this, run:

    MetaDefender Core installation folder\omsCmdLineUtil.exe config ca=2

  • Quarantined: Test this case by setting Clean Action to "Quarantine", and scan an infected file. To do this, run:

    MetaDefender Core installation folder\omsCmdLineUtil.exe config ca=1

  • Skipped Clean: Obtain this result by adding the scanned file to the whitelist. For instructions on how to add files to the whitelist, please refer to MetaDefender Core Documentation, page 87.

  • Skipped Dirty: Obtain this result by adding the scanned file to the blacklist. For instructions on how to add files to the blacklist, please refer to MetaDefender Core Documentation, page 87.

  • Exceeded Archive Depth:

    1. Set "Max recursion level" to a small value (e.g., 2). This setting can be found under the in the ScanEx Configuration section (Configuration>Scan Configuration>ScanEx Configuration>Archive Handling).

    2. Create an archive file which has an archive depth greater than 2.

    3. Scan

  • Not Scanned: Kill all processes of the available engines by running the following command:

    taskkill /F /IM omsAMEHandler.exe

    If you have custom engines, run:

    taskkill /F /IM omsCEHandler.exe

    Scan an arbitrary text file to obtain the scan result.

  • Encrypted: Test this result by scanning any password protected archive.

  • Exceeded Archive Size:

    1. Set "Max total size of extracted files" to a small value (e.g., 5 MB). This setting can be found under the ScanEx Configuration section (Configuration>Scan Configuration>ScanEx Configuration>Archive Handling).

    2. Next, create an archive file with a total size greater than 5 MB (after extracting).

    3. Scan to reproduce the scan result.

  • Exceeded Archive File Number:

    1. Set "Max number of files extracted" to a small value (e.g., 10) This setting can be found under the ScanEx Configuration section (Configuration>Scan Configuration>ScanEx Configuration>Archive Handling).

    2. Next, create an archive file which has more than 10 files (after extracting) and scan to reproduce the result.

    3. Alternately, users can download a sample at https://s3.amazonaws.com/opswat-metascan-online-files/b07fcd92c31d5c45df2ccc3b66f16e05/6f97d459a0ee497ba650ff7ba07f3f72
      to obtain the Exceeded Archive File Number result.

  • Mismatch:

    1. Create and save a new file (e.g., open a Microsoft Word Document).

    2. Right click the newly created document & select Properties.

    3. Change the filename extension to a different type (e.g., Sample.docx → Sample.pdf).

    4. Scan the newly renamed file to obtain the Mismatch result.

The results below only appear if there is an error related to a specific file. We do not have recommendations on how to test for these these results pro-actively:

  • Unknown

  • Aborted

This article pertains to MetaDefender Core v3
This article was last updated on 2017-12-20
CN