Description on scan result codes
These are the possible values returned for file scans. These values appear in scan_result_i and scan_all_result_i:
|
Value |
Short description |
Long description |
|
0 |
No Threats Found |
No threat detection or the file is empty. |
|
1 |
Infected/Known |
A threat is found. |
|
2 |
Suspicious |
Classified as a possible threat but not identified as a specific threat. |
|
3 |
Failed To Scan |
Scanning is not fully performed (for example, invalid file or no read permission). If no engine is included and scan is enabled, this will be the final result. |
|
4 |
Cleaned / Deleted |
The threat is found and the file is cleaned (repaired or deleted): repair is not supported yet. |
|
5 |
Unknown |
Unknown signature. NOTE: this is only used in multiple hash lookup. For single hash lookup, scan_result_* are not returned as a response. see 3.1 Retrieving scan reports using a data hash for more details. |
|
6 |
Quarantined |
File is quarantined. |
|
7 |
Skipped Clean |
Scan is skipped because this file type is in white-list. |
|
8 |
Skipped Infected |
Scan is skipped because this file type is in black-list. |
|
9 |
Exceeded Archive Depth |
Threat is not found but there are more archive levels which were not extracted. |
|
10 |
Not Scanned / No scan results |
Scan is skipped by the engine either due to update or other engine specific reason. If the scan is disabled, this will be the final result. |
|
11 |
Aborted |
The current scan was stopped by the server. |
|
12 |
Encrypted |
File/buffer is not scanned because the file type is detected as encrypted (password-protected). |
|
13 |
Exceeded Archive Size |
The extracted archive is too large to scan. |
|
14 |
Exceeded Archive File Number |
There are more files in the archive than configured on the server. |
|
15 |
Password Protected Document |
A document that is protected by a password [e.g., Office documents or PDFs that require a password to view its contents]. If a file is password protected document, no sanitization will be applied. MetaDefender Cloud supports detecting password-protected document for: PDF, DOCX, DOC, DOCM, DOTX, DOTM, DOT, PPTX, PPT, POT, POTM, POTX, PPS, PPSM, PPSX, PPTM, PPTX, XLSX, XLS, XLSM, XLSB,XLS, XLTX, XLTM, XLT, XLAM, XLA. |
|
16 |
Exceeded Archive Timeout |
The archive process reached the given timeout value. |
|
17 |
Mismatch |
The file's extension does not match the detected file type. Only applicable when using workflows. |
|
18 |
Potentially Vulnerable File |
Possible vulnerability detected for the applied file. |
|
19 |
Canceled |
The file scan was canceled because it failed to scan too many times |
|
20 |
Sensitive data found |
Data loss prevention engine found sensitive data |
|
21 |
Yara Rule Matched |
The analysis data matches a yara rule |
|
22 |
Potential unwanted application (PUA) |
Returned by engines with PUA detection capabilities |
|
23 |
Filetype not supported |
The engine does not support scanning this file type. Certain engines only scan specific file types such as executable files or documents. |
|
254 |
In queue |
The file has been added to the scan queue and is waiting to be processed |
|
255 |
In progress |
The scanning is in progress |
Not all codes will be returned by MetaDefender Cloud. Some codes are only returned by the on-premise version.