7.2 False positives feed
|
Request |
Value |
|
Method |
GET |
|
URL |
https://api.metadefender.com/v3/false-positives/hashes |
Summary
Newly discovered files which are considered possible false positives. An infected scan result is considered to be false positive if 2 or less engines detected the file as being infected. The feed is updated on a daily basis and contains files that are detected in the previous day. This feed contains data about all engines.
Data is paginated, each page returns 1000 entries.
These endpoint are only available to OPSWAT partners participating in the malware exchange program. If you are an antivirus vendor, or have a malware feed and want to participate in the program, please contact us at malware-sharing@opswat.com.
Request
Query Parameters
|
|
Description |
Required |
Default |
Example |
|
?page |
The page number. This is a number starting from 1 up to as many pages as there are samples in a day |
NO |
1 |
?page=1 |
Header Parameters
|
|
Description |
Allowed Values |
Required |
|
Authorization |
Give rights to use the endpoint (API Authentication Mechanisms) |
apikey |
YES |
Response
HTTP Status Codes
Please refer to Status Codes for more information.
Body
Example of a successful request:
{ "success": true, "data": [{ "file_type_category": "A", "file_type_extension": "JAR", "link": "https://metadefender.opswat.com/#!/results/file/bzE3MDQwOUIxemcwY05QVGxTeVBXbVhPM1Va/regular/analysis", "md5": "BBBC938004F13A6A01257CFEE1ABD2F", "sha1": "CCC282E4EDD167AE89B6866B42C1C48F8A374157", "sha256": "F223AF499D2797E7131FFF98F426B6476215CB53834F90E60B37CD4528A004BD", "scan_all_result_a": "Infected", "scan_all_result_i": "1", "detected_by": ["Emsisoft"], "download": "https://api.metadefender.com/v3/file/E292AF499D2797E7131FFF98F426B6476215CB53834F90E60B37CD4528A004BD/download", "start_time" : "2017-08-07T22:04:11.878+0000" }, { "file_type_category": "E", "file_type_extension": "exe/dll/ocx", "link": "https://metadefender.opswat.com/#!/results/file/dDE3MDgwM3J5MkpYUVhidldyeVR5WDdYWlAt/regular/analysis", "md5": "B11AF84597D11D5C84183D36899239F8", "sha1": "A3650D028671B639F7E702F366D624CA532E1921", "sha256": "G45F8AB1C38641A85E425A0F94F5341E2D5A74B892F020EC94C0E5F277EBD5C1", "scan_all_result_a": "Infected", "scan_all_result_i": "1", "detected_by": ["AVG", "Zillya"], "download": "https://api.metadefender.com/v3/file/G45F8AB1C38641A85E425A0F94F5341E2D5A74B892F020EC94C0E5F277EBD5C1/download", "start_time" : "2017-08-07T22:04:11.878+0000" } ]}Descriptions of responses:
|
file_type_category |
The category of the file, computed by OPSWAT. Possible values:
|
|
file_type_extension |
The extension of the file, computed by OPSWAT |
|
link |
The link to the scan results in the frontend |
|
md5 |
The md5 of the file |
|
sha1 |
The sha1 of the file |
|
sha256 |
The sha256 of the file |
|
scan_all_result_a |
Scan result description |
|
scan_all_result_i |
|
|
detected_by |
An array of engines who detected this file as being infected |
|
download |
The API endpoint from where to download the file |
|
start_time |
The start time of the scan |
Sample code (Node.js)
var http = require("https"); var options = { "method": "GET", "hostname": "api.metadefender.com", "path": "/v3/feed/false-positives", "headers": { "Authorization": "apikey " + process.env.APIKEY } }; var req = http.request(options, function (res) { var chunks = []; res.on("data", function (chunk) { chunks.push(chunk); }); res.on("end", function () { var body = Buffer.concat(chunks); console.log(body.toString()); }); }); req.end();Sample code (cURL)
curl -X GET \ https://api.metadefender.com/v3/feed/false-positives?page=2 \ -H 'authorization: apikey ${APIKEY}'