Description of Scan Result Codes
These are the possible values returned for file scans. These values appear in scan_all_result_i and scan_all_result_a:
Not all codes will be returned by MetaDefender Cloud. Some codes are only returned by the on-premise version.
| Value | Short description | Long description |
|---|---|---|
| 0 | No Threats Found | No threat detection or the file is empty. |
| 1 | Infected/Known | A threat is found. |
| 2 | Suspicious | Classified as a possible threat but not identified as a specific threat. |
| 3 | Failed To Scan | Scanning is not fully performed (for example, invalid file or no read permission). If no engine is included and scan is enabled, this will be the final result. |
| 5 | Unknown | Unknown signature. NOTE: this is only used in multiple hash lookup. For single hash lookup, scan_result_* are not returned as a response. see 3.1 Retrieving scan reports using a data hash for more details. |
| 7 | Skipped Clean | Scan is skipped because this file type is on the allowlist. |
| 8 | Skipped Infected | Scan is skipped because this file type is on the blocklist. |
| 9 | Exceeded Archive Depth | Threat is not found but there are more archive levels which were not extracted. |
| 10 | Not Scanned / No scan results | Scan is skipped by the engine either due to update or other engine specific reason. If the scan is disabled, this will be the final result. |
| 11 | Aborted | The current scan was stopped due to an issue with OPSWAT servers |
| 12 | Encrypted | File/buffer is not scanned because the file type is detected as encrypted (password-protected). |
| 13 | Exceeded Archive Size | The extracted archive is too large to scan. |
| 14 | Exceeded Archive File Number | There are more files in the archive than configured on the server. |
| 15 | Password Protected Document | A document that is protected by a password [e.g., Office documents or PDFs that require a password to view its contents]. If a file is password protected document, no sanitization will be applied. MetaDefender Cloud supports detecting password-protected document for: PDF, DOCX, DOC, DOCM, DOTX, DOTM, DOT, PPTX, PPT, POT, POTM, POTX, PPS, PPSM, PPSX, PPTM, PPTX, XLSX, XLS, XLSM, XLSB,XLS, XLTX, XLTM, XLT, XLAM, XLA. |
| 16 | Exceeded Archive Timeout | The archive process reached the given timeout value (pre-defined value of 30 minutes) |
| 17 | Mismatch | The file's extension does not match the detected file type. Currently not supported by MD Cloud, feature coming soon |
| 18 | Potentially Vulnerable File | Possible vulnerability detected for the applied file. |
| 19 | Canceled | The file scan was canceled because it failed to scan too many times |
| 23 | Filetype not supported | The engine does not support scanning this file type. Certain engines only scan specific file types such as executable files or documents. |
| 30 | Blocked Verdict by Deep CDR | Blocked Verdict by Deep CDR |
| 252 | Empty File | The scan was not completed because the file content was empty. |
| 253 | Not Scanned | Rate limit exceeded, retry after the limit is reset. Limit: <no. of> requests / day |
| 254 | In queue | The file has been added to the scan queue and is waiting to be processed |
| 255 | In progress | The scanning is in progress |
Was this page helpful?
