Description on scan result codes

These are the possible values returned for file scans. These values appear in scan_result_i and scan_all_result_i:

Value

Short description

Long description

0

No Threats Found

No threat detection or the file is empty.

1

Infected/Known

Threat is found.

2

Suspicious

Classified as possible threat but not identified as specific threat.

3

Failed To Scan

Scanning is not fully performed (for example, invalid file or no read permission). If no engine is included and scan is enabled, this will be the final result.

4

Cleaned / Deleted

Threat is found and file is cleaned (repaired or deleted): repair is not supported yet.

5

Unknown

Unknown signature. NOTE: this is only used in multiple hash lookup. For single hash lookup, scan_result_* are not returned as response. see 3.1 Retrieving scan reports using a data hash for more details.

6

Quarantined

File is quarantined.

7

Skipped Clean

Scan is skipped because this file type is in white-list.

8

Skipped Infected

Scan is skipped because this file type is in black-list.

9

Exceeded Archive Depth

Threat is not found but there are more archive levels which were not extracted.

10

Not Scanned / No scan results

Scan is skipped by the engine either due to update or other engine specific reason. If scan is disabled, this will be the final result.

11

Aborted

The current scan was stopped by the server.

12

Encrypted

File/buffer is not scanned because the file type is detected as encrypted (password-protected). If the Internal Archive Library is ON encrypted return type is not going to be returned through MetaDefender scan progress callbacks since the engines do not perform any scan operations. If the Internal Archive Library is OFF MetaDefender will pass the encrypted files to the engines directly, bypassing the detection.

13

Exceeded Archive Size

The extracted archive is too large to scan.

14

Exceeded Archive File Number

There are more files in the archive than configured on the server.

15

Password Protected Document

Document that is protected by a password [e.g., Office documents or PDFs that require a password to view its contents]. If a file is password protected document, no sanitization will be applied.

MetaDefender Core supports detecting password protected document. Here is example of file extension we have tested: PDF, DOCX, DOC, DOCM, DOTX, DOTM, DOT, PPTX, PPT, POT, POTM, POTX, PPS, PPSM, PPSX, PPTM, PPTX, XLSX, XLS, XLSM, XLSB,XLS, XLTX, XLTM, XLT, XLAM, XLA. If any file extension is not listed here, use https://metadefender.opswat.com for you to test.

16

Exceeded Archive Timeout

The archive process reached the given timeout value. This result is supported from Core version 4.4.0.

17

Mismatch

The file's extension does not match the detected file type. Only applicable when using workflows.

18

Potentially Vulnerable File

Possible vulnerability detected for applied file.