7.3 False positives for specific engine

Request

Value

Method

GET

URL

https://api.metadefender.com/v3/feed/false-positives/:engine

Summary

Newly discovered files that are considered possible false positives and were detected by a specific engine. An infected scan result is considered a false positive if only 2 or fewer engines detected the file as being infected. The feed is updated daily and contains files that were detected on the previous day. This feed contains data about all engines.

Data is paginated; each page returns 1000 entries. The feed has no fixed size: it depends on how many samples we received on the previous day.

These endpoints are only available to OPSWAT partners participating in the malware exchange program. If you are an antivirus vendor, or have a malware feed and want to participate in the program, please contact us at malware-sharing@opswat.com.

Request

URL parameters

| Parameter | Description | Required |
|---|---|---|
| :engine | The exact name of the engine, as described in the results. Some engines might have a space in the name. Replace the space with %20. | YES |

Query Parameters

| Parameter | Description | Required | Default | Example |
|---|---|---|---|---|
| ?page | The page number. This is a number starting from 1 up to as many pages as there are samples in a day. | NO | 1 | ?page=1 |

Header Parameters

| Header | Description | Allowed Values | Required |
|---|---|---|---|
| Authorization | Gives rights to use the endpoint (API Authentication Mechanisms) | apikey | YES |

Response

HTTP Status Codes

Please refer to Status Codes for more information.

Body

Example of a successful request:

{
  "success": true,
  "data": [
    {
      "file_type_category": "A",
      "file_type_extension": "JAR",
      "link": "https://metadefender.opswat.com/#!/results/file/bzE3MDQwOUIxemcwY05QVGxTeVBXbVhPM1Va/regular/analysis",
      "md5": "BBBC938004F13A6A01257CFEE1ABD2F",
      "sha1": "CCC282E4EDD167AE89B6866B42C1C48F8A374157",
      "sha256": "F223AF499D2797E7131FFF98F426B6476215CB53834F90E60B37CD4528A004BD",
      "scan_all_result_a": "Infected",
      "scan_all_result_i": "1",
      "detected_by": ["Emsisoft"],
      "download": "https://api.metadefender.com/v3/file/E292AF499D2797E7131FFF98F426B6476215CB53834F90E60B37CD4528A004BD/download",
      "start_time": "2017-08-07T22:04:11.878+0000"
    }
  ]
}

Descriptions of responses:

file_type_category

The category of the file, computed by OPSWAT. Possible values:

  • E - executables

  • D - documents

  • A - archives

  • G - graphical format

  • T - text

  • P - pdf format

  • M - audio or video format

  • N - Android apk file

file_type_extension

The extension of the file, computed by OPSWAT

link

The link to the scan results in the frontend

md5

The md5 of the file

sha1

The sha1 of the file

sha256

The sha256 of the file

scan_all_result_a

Scan result description

scan_all_result_i

Scan result code.

detected_by

An array of engines that detected this file as being infected

download

The API endpoint from where to download the file

start_time

The start time of the scan

Errors

Please refer to Errors for more information.

Sample code (Node.js)

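// The API is served over TLS, so use the https module.
var https = require("https");

var options = {
  "method": "GET",
  "hostname": "api.metadefender.com",
  "path": "/v3/feed/false-positives/AVG",
  "headers": {
    // The API key is read from the environment rather than hard-coded.
    "Authorization": "apikey " + process.env.APIKEY
  }
};

var req = https.request(options, function (res) {
  var chunks = [];

  // Collect the response body as it arrives.
  res.on("data", function (chunk) {
    chunks.push(chunk);
  });

  res.on("end", function () {
    var body = Buffer.concat(chunks);
    console.log(body.toString());
  });
});

// Report network errors instead of crashing on an unhandled "error" event.
req.on("error", function (err) {
  console.error(err.message);
});

req.end();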

Sample code (cURL)

# Double quotes let the shell expand ${APIKEY} and keep the "?" in the URL from being globbed.
curl -X GET \
  "https://api.metadefender.com/v3/feed/false-positives/AVG?page=2" \
  -H "authorization: apikey ${APIKEY}"
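
The following is an added example, not part of the original OPSWAT documentation. It shows one way a feed consumer might build the request path for an engine name containing spaces and check each entry against the criteria described above before sending the API key to the `download` link. The helper names (`feedPath`, `checkEntry`, `triagePage`), the engine names and the sample page are constructed for illustration. Treating a page with fewer than 1000 entries as the last page is an assumption.

```javascript
// Added example (not OPSWAT code). Helper names and sample data are constructed.
const API_HOST = "api.metadefender.com";
const PAGE_SIZE = 1000;   // entries per full page, per the documentation above
const MAX_DETECTIONS = 2; // "2 or fewer engines" false-positive criterion

// Build the request path; encodeURIComponent turns spaces in engine names into %20.
function feedPath(engine, page = 1) {
  if (!Number.isInteger(page) || page < 1) throw new RangeError("page starts at 1");
  return `/v3/feed/false-positives/${encodeURIComponent(engine)}?page=${page}`;
}

// Return a list of problems for one feed entry; an empty list means it can be queued.
function checkEntry(entry, engine) {
  const problems = [];
  if (!/^[0-9A-Fa-f]{64}$/.test(entry.sha256 || "")) problems.push("bad sha256");
  const engines = Array.isArray(entry.detected_by) ? entry.detected_by : [];
  if (!engines.includes(engine)) problems.push("engine not in detected_by");
  if (engines.length > MAX_DETECTIONS) problems.push("too many detections");
  // The Authorization header should only ever be sent to the API host over HTTPS.
  let url = null;
  try { url = new URL(entry.download); } catch (e) { /* reported below */ }
  if (!url || url.protocol !== "https:" || url.hostname !== API_HOST) {
    problems.push("untrusted download URL");
  }
  return problems;
}

// Split one page into accepted and rejected entries.
// Assumption: a page shorter than PAGE_SIZE is the last one.
function triagePage(body, engine) {
  if (!body || body.success !== true || !Array.isArray(body.data)) {
    throw new Error("unexpected feed response");
  }
  const accepted = [], rejected = [];
  for (const entry of body.data) {
    const problems = checkEntry(entry, engine);
    if (problems.length === 0) accepted.push(entry);
    else rejected.push({ sha256: entry.sha256, problems });
  }
  return { accepted, rejected, more: body.data.length === PAGE_SIZE };
}

// Constructed sample page (not real feed data).
const SAMPLE = { success: true, data: [
  { sha256: "A".repeat(64), detected_by: ["AVG"],
    download: `https://${API_HOST}/v3/file/${"A".repeat(64)}/download` },
  { sha256: "B".repeat(64), detected_by: ["AVG", "X", "Y"],
    download: `http://files.example/${"B".repeat(64)}` },
] };
console.log(feedPath("Some Engine", 2), JSON.stringify(triagePage(SAMPLE, "AVG").rejected));
```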