Description on scan result codes

These are the possible values returned for file scans. These values appear in scan_result_i and scan_all_result_i:

Value

Short description

Long description

0

No Threats Found

No threat detection or the file is empty.

1

Infected/Known

A threat is found.

2

Suspicious

Classified as a possible threat but not identified as a specific threat.

3

Failed To Scan

Scanning is not fully performed (for example, invalid file or no read permission). If no engine is included and scan is enabled, this will be the final result.

4

Cleaned / Deleted

The threat is found and the file is cleaned (repaired or deleted): repair is not supported yet.

5

Unknown

Unknown signature. NOTE: this is only used in multiple hash lookup. For single hash lookup, scan_result_* are not returned as a response. see 3.1 Retrieving scan reports using a data hash for more details.

6

Quarantined

File is quarantined.

7

Skipped Clean

Scan is skipped because this file type is in white-list.

8

Skipped Infected

Scan is skipped because this file type is in black-list.

9

Exceeded Archive Depth

Threat is not found but there are more archive levels which were not extracted.

10

Not Scanned / No scan results

Scan is skipped by the engine either due to update or other engine specific reason. If the scan is disabled, this will be the final result.

11

Aborted

The current scan was stopped by the server.

12

Encrypted

File/buffer is not scanned because the file type is detected as encrypted (password-protected).

13

Exceeded Archive Size

The extracted archive is too large to scan.

14

Exceeded Archive File Number

There are more files in the archive than configured on the server.

15

Password Protected Document

A document that is protected by a password [e.g., Office documents or PDFs that require a password to view its contents]. If a file is password protected document, no sanitization will be applied.

MetaDefender Cloud supports detecting password-protected document for: PDF, DOCX, DOC, DOCM, DOTX, DOTM, DOT, PPTX, PPT, POT, POTM, POTX, PPS, PPSM, PPSX, PPTM, PPTX, XLSX, XLS, XLSM, XLSB,XLS, XLTX, XLTM, XLT, XLAM, XLA.

16

Exceeded Archive Timeout

The archive process reached the given timeout value.

17

Mismatch

The file's extension does not match the detected file type. Only applicable when using workflows.

18

Potentially Vulnerable File

Possible vulnerability detected for the applied file.

19

Canceled

The file scan was canceled because it failed to scan too many times

20

Sensitive data found

Data loss prevention engine found sensitive data

21

Yara Rule Matched

The analysis data matches a yara rule

22

Potential unwanted application (PUA)

Returned by engines with PUA detection capabilities

23

Filetype not supported

The engine does not support scanning this file type. Certain engines only scan specific file types such as executable files or documents.

254

In queue

The file has been added to the scan queue and is waiting to be processed

255

In progress

The scanning is in progress

Not all codes will be returned by MetaDefender Cloud. Some codes are only returned by the on-premise version.