Description on scan result codes
These are the possible values returned for file scans. These values appear in scan_result_i and scan_all_result_i:
|
Value |
Short description |
Long description |
|
0 |
No Threats Found |
No threat detection or the file is empty. |
|
1 |
Infected/Known |
Threat is found. |
|
2 |
Suspicious |
Classified as possible threat but not identified as specific threat. |
|
3 |
Failed To Scan |
Scanning is not fully performed (for example, invalid file or no read permission). If no engine is included and scan is enabled, this will be the final result. |
|
4 |
Cleaned / Deleted |
Threat is found and file is cleaned (repaired or deleted): repair is not supported yet. |
|
5 |
Unknown |
Unknown signature. NOTE: this is only used in multiple hash lookup. For single hash lookup, scan_result_* are not returned as response. see 3.1 Retrieving scan reports using a data hash for more details. |
|
6 |
Quarantined |
File is quarantined. |
|
7 |
Skipped Clean |
Scan is skipped because this file type is in white-list. |
|
8 |
Skipped Infected |
Scan is skipped because this file type is in black-list. |
|
9 |
Exceeded Archive Depth |
Threat is not found but there are more archive levels which were not extracted. |
|
10 |
Not Scanned / No scan results |
Scan is skipped by the engine either due to update or other engine specific reason. If scan is disabled, this will be the final result. |
|
11 |
Aborted |
The current scan was stopped by the server. |
|
12 |
Encrypted |
File/buffer is not scanned because the file type is detected as encrypted (password-protected). If the Internal Archive Library is ON encrypted return type is not going to be returned through MetaDefender scan progress callbacks since the engines do not perform any scan operations. If the Internal Archive Library is OFF MetaDefender will pass the encrypted files to the engines directly, bypassing the detection. |
|
13 |
Exceeded Archive Size |
The extracted archive is too large to scan. |
|
14 |
Exceeded Archive File Number |
There are more files in the archive than configured on the server. |
|
15 |
Password Protected Document |
Document that is protected by a password [e.g., Office documents or PDFs that require a password to view its contents]. If a file is password protected document, no sanitization will be applied. MetaDefender Core supports detecting password protected document. Here is example of file extension we have tested: PDF, DOCX, DOC, DOCM, DOTX, DOTM, DOT, PPTX, PPT, POT, POTM, POTX, PPS, PPSM, PPSX, PPTM, PPTX, XLSX, XLS, XLSM, XLSB,XLS, XLTX, XLTM, XLT, XLAM, XLA. If any file extension is not listed here, use https://metadefender.opswat.com for you to test. |
|
16 |
Exceeded Archive Timeout |
The archive process reached the given timeout value. This result is supported from Core version 4.4.0. |
|
17 |
Mismatch |
The file's extension does not match the detected file type. Only applicable when using workflows. |
|
18 |
Potentially Vulnerable File |
Possible vulnerability detected for applied file. |