Developer Guide
This is the API documentation for MetaDefender Cluster API Gateway Public API. If you would like to evaluate or have any questions about this documentation, please contact us via our Contact Us form.
How to Interact with MetaDefender Cluster API Gateway using REST API
MetaDefender Cluster API Gateway is used to submit files for analysis, retrieve scan results, manage file processing, download processed files, and manage file batches. OPSWAT recommends using the JSON-based REST API. The available methods are documented below.
Note: MetaDefender Cluster API doesn't support chunk upload, however is recommended to stream the files to MetaDefender Cluster API Gateway as part of the upload process.
File Analysis Process
MetaDefender Cluster is a system with multiple components that work together to utilize the power of multiple MetaDefender Core instances. The system is designed to handle large volumes of files and provide high throughput for file analysis. The system can be deployed in a distributed manner, allowing for horizontal scaling and load balancing across multiple MetaDefender Core instances.
Below is a brief description of the API integration flow:
Upload a file for analysis to MetaDefender Cluster API Gateway (
POST /file), which returns thedata_id: File Analysis.The following method can be used to retrieve the analysis report:
- Polling: Fetch the result with previously received data_id (
GET /file/{data_id}resource) until scan result belonging to data_id doesn't reach the 100 percent progress_percentage: (Fetch analysis result)
Note: Too many data_id requests can reduce performance. It is enough to just check every few hundred milliseconds.
- Polling: Fetch the result with previously received data_id (
Retrieve the analysis results anytime after the analysis is completed with hash for files (md5, sha1, sha256, sha512) by calling Fetch analysis result by hash.
- The hash can be found in the scan results
Retrieve processed file (sanitized, redacted, watermarked, etc.) after the analysis is complete.
Note: Based on the configured retention policy, the files might be available for retrieval at a later time.
OPSWAT provides some sample codes on GitHub to make it easier to understand how the MetaDefender REST API works.
Auth
Authentication APIs
User authentication is done via username & password.
Login
Initiate a new session. Required for using protected REST APIs.
| object | object | ||
| user | string | Username | |
| password | string | User's password |
curl --request POST \ --url 'http://localhost:8899/login' \ --data '{ "user": "admin", "password": "admin"}'OK
| object | object | ||
| oms | string | The randomly generated token used to prevent CSRF attacks | |
| session | string | The apikey used to make API calls which requires authentication |
Invalid credentials
Unexpected event on server
{ "oms-csrf-token": "ZWU3NDJkNDcwMzQ4NWNlNGUzOTFjMGJiNDFkZDQ4ZWM=", "session_id": "a5dd6114dbd14a3b8f4577b7b54e6b0a"}Logout
Destroy session for not using protected REST APIs.
| apikey | string | Generated |
curl --request POST \ --url 'http://localhost:8899/logout' \ --header 'apikey: {apikey}'OK
| object | object | ||
| response | string |
Bad Request.
Invalid user information.
Unexpected event on server
{ "response": "Logout success"}Analysis
File analysis APIs
Submit each file to MetaDefender Cluster API Gateway individually or group them in batches. Each file submission will return a data_id which will be the unique identifier used to retrieve the analysis results.
Note: MetaDefender API doesn't support chunk upload. You shouldn't load the file in memory, is recommended to stream the files to MetaDefender Cluster API Gateway as part of the upload process.
Analyze File (Asynchronous mode)
Scanning a file using a specified workflow. Scan is done asynchronously and each scan request is tracked by data id of which result can be retrieved by API Fetch Scan Result.
Note: Chunked transfer encoding (applying header Transfer-Encoding: Chunked) is not supported on
/fileAPI. API Gateway only accepts file uploads with a known content length and a content type ofapplication/octet-stream
| apikey | string | Generated | |
| filename | string | The name of the submitted file | |
| user | string | user_agent header used to identify (and limit) access to a particular rule. For rule selection, | |
| rule | string | Select rule for the analysis, if no header given the default rule will be selected (URL encoded UTF-8 string of rule name) | |
| batch | string | Batch id to scan with, coming from | |
| archivepwd | string | Password for archive ( URL encoded UTF-8 string) Multiple passwords is also supported, format: archivepwdX
For example:
| |
| content | string | Content encoding of the file. This header is used to specify the encoding of the file content. The value should be a valid content encoding type, such as "base64", "gzip". This header is optional and can be omitted if the encoding is not applicable. | |
| metadata | string | Could be utilized for:
It is strongly recommended to apply URL encoding before sending | |
| engines | string | Since MetaDefender Core 5.0.0, preferred context / verbose information can be sent to the engines. Please see the below pages for the details:
| |
| callbackurl | string | Client's URL where MetaDefender Cluster Callback Service will notify scan result back to whenever scan is finished (webhook model). * Format: protocol://<ip | domain>: * Example: http://10.0.1.100:8081/listenback * Supported protocol: HTTP / HTTPS * Supported host types: domain name, IPv4 (IPv6 not supported) * Method: POST
| |
| global | integer | This custom global timeout (in seconds) will override the global timeout predefined in corresponding workflow rule. |
| file | file |
curl --request POST \ --url 'http://localhost:8899/file' \ --header 'apikey: {apikey}' \ --header 'filename: {filename}' \ --header 'user_agent: {user_agent}' \ --header 'rule: {rule}' \ --header 'batch: {batch}' \ --header 'archivepwd: {archivepwd}' \ --header 'content-encoding: base64' \ --header 'metadata: { "key1": "value", "key2": ["valueA", "valueB"]}' \ --header 'engines-metadata: { "charset": "ISO-2022-JP", "content-type": "text/html", "content-transfer-encoding": "quoted-printable"}' \ --header 'callbackurl: {callbackurl}' \ --header 'global-timeout: {global-timeout}' \ --data-binary '"<Payload in raw bytes>"'Successful file submission
| object | object | ||
| data | string | Unique submission identifier. Use this value to reference the submission. |
Invalid user information or Not Allowed
Content-Length header is missing from the request.
Body input is empty.
Unexpected event on server
Server is too busy. Try again later.
{ "data_id": "61dffeaa728844adbf49eb090e4ece0e"}Fetch Analysis Result
Retrieve scan results.
Scan is done asynchronously and each scan request is tracked by a data ID.
Initiating file scans and retrieving the results need to be done using two separate API calls.
This request needs to be made multiple times until the scan is complete.
Scan completion can be traced using scan_results.progress_percentage value from the response.
Note: The REST API also supports pagination for archive file result. A completed response description with archive detection:
- extracted_files: information about extracted files
- files_extracted_count: the number of extracted files
- files_in_archive: array of files in archive
- detected_by: number of engines reported threat
- scanned_with: number of engines used for scanning the file
- first_index: it tells that from which file (index of the file, 0 is the first) the result JSON contains information about extracted files. (default=0, min=0)
- page_size: it tells how many files the result JSON contains information about (default=50, min=0, max=2000). So by default, the result JSON contains information about the first 50 extracted files.
- worst_data_id: data id of the file that has the worst result in the archive
- scan_results
- last_file_scanned (stored only in memory, not in database): If available, the name of the most recent processed file
| apikey | string | Generated | |
| user | string | user_agent header used to identify (and limit) access to a particular rule. For rule selection, |
| data | string | Unique submission identifier. Use this value to reference the submission. |
| first | integer | The minimum: 0 Default: 0 | |
| size | integer | The number of items to be fetched next, counting from the item order indicated in maximum: 2000 minimum: 0 Default: 50 |
curl --get \ --url 'http://localhost:8899/file/{data_id}' \ --header 'apikey: {apikey}' \ --header 'user_agent: {user_agent}' \ --data first={first} \ --data size=50Entire analysis report generated by MetaDefender Core
| object | object | ||
| data | string | data identifier of the requested file | |
| dlp | object | Full report from Proactive DLP | |
| certainty | string | Describes how certain the hit is, possible values:
Enum: | |
| errors | object | A list of error objects (empty if no errors happened), each error object contains following keys:
| |
| filename | string | Output processed file name (pre-configured on engine settings under Core's worflow rule) | |
| hits | object | Detailed results that contains as key the type of matched rule:
| |
| ccn | object | ||
| display | string | Credit Card Number, Social Security Number, or in case of RegEx, the name of the rule that has been given by the user | |
| hits | array[object] | A list of detections that matched this rule/pattern. | |
| after | string | The context after the matched data. | |
| before | string | The context before the matched data. | |
| certainty | string | The text version of "certainty_score", possible values:
Enum: | |
| certainty | integer | Is defined by the relevance of the given hit in its context. It is calculated based on multiple factors such as the number of digits, possible values: [0-100] | |
| hit | string | The matched data. | |
| location | string | The location of the hit that is found in a file. | |
| severity | integer | (NOTE: this field is deprecated): can be 0 (detected) or 1 (suspicious). Enum: | |
| tryRedact | boolean | If file was redacted or not. | |
| metadata | object | Result of metadata removal. | |
| result | string | Result of the metadata removal process, possible values:
Enum: | |
| redact | object | Result of redaction process. | |
| result | string | Result of the redaction process, possible values:
Enum: | |
| severity | integer | (NOTE: this field is deprecated): represents the severity of the data loss, possible values:
Enum: | |
| verdict | integer | The overall result for the scanned file. Possible values:
Enum: | |
| watermark | object | Result of watermarking process. | |
| result | string | Result of the watermarking process, possible values:
Enum: | |
| download | object | The downloading status. | |
| error | string | Revealed detailed reason why the download failed. | |
| progress | number | Only applicable when "status" is
| |
| status | string | Indicates download status, which could be either
| |
| url | string | Original download link which was specified in HTTP(S) request's | |
| extraction | object | Details for archive extraction. | |
| decrypted | string | Indicate that decryption phase is successful or not. Enum: | |
| err | string | Error category | |
| err | integer | Error code | |
| err | string | Error message | |
| is | boolean | Indicate if file is password-protected or not. | |
| file | object | basic information of the scanned file | |
| display | string | The filename reported via | |
| file | integer | Total file size in bytes. | |
| file | string | The filetype using mimetype. | |
| file | string | The filetype in human readable format. | |
| md5 | string | File's MD5 hash. | |
| sha1 | string | File's SHA1 hash. | |
| sha256 | string | File's SHA256 Hash. | |
| sha512 | string | File's SHA512 Hash. | |
| signer | array[object] | Digital signature information of the scanned file. | |
| digest | string | Digest algorithm. | |
| digest | string | Encryption algorithm. | |
| issuer | string | Entity that develops and registers the certificate. | |
| serial | string | Serial number of the certificate. | |
| vendor | string | Entity that is issued a certificate and utilize it for creating a digital signature. | |
| version | string | Version of X.509 that is used in the certificate. This version field is zero-based.
| |
| type | array[string] | File type category.
Enum: | |
| receive | string | The timestamp when upload progress started (first byte received) (in milliseconds) | |
| upload | integer | Total time elapsed for upload process (in milliseconds). | |
| upload | string | The timestamp when upload progress finished (all bytes received) (in milliseconds) | |
| filetype | object | response information from FileType engine | |
| file | object | ||
| description | string | File type description | |
| detected | string | Analyzer that detected the file type | |
| encrypted | boolean | File is password-protected or not | |
| extensions | string | File type extension | |
| groupID | string | File type category | |
| groupIDs | array[string] | File type category.
Enum: | |
| group | string | File type category description | |
| likely | array[object] | A list of likely file type IDs | |
| score | integer | Likelihood score of the file type | |
| typeID | string | File type ID | |
| type | string | MIME type | |
| typeID | string | File type ID | |
| type | array[string] | A list of file type IDs | |
| final | object | Final verdict of the file type analysis. | |
| verdict | string | Final verdict of the file type analysis. Enum: | |
| verdict | string | Explanation of the final verdict. | |
| is | boolean | Indicates if the file type does not match the expected type. | |
| result | string | SHA256 Hash of user-interface template. For web console only. | |
| spoofing | object | Spoofing information. | |
| detection | string | Result of the spoofing detection. | |
| result | string | Explanation of the spoofing detection result. | |
| result | string | Overview of the spoofing detection result. | |
| opswatfilescan | object | response information from OPSWAT Filescan engine | |
| process | object | Processing information | |
| blocked | string | Provides the reason why the file is blocked (if so). | |
| blocked | array[string] | Provides the reason why the file is blocked in an array (if so). | |
| file | boolean | Indicates if the input file's detected type was configured to skip scanning. | |
| hash | integer | Total time elapsed for computing hashes (in milliseconds). | |
| outdated | array[string] | array of flags - if occur - describing outdated data in the result, these can be
Enum: | |
| processing | integer | Total time elapsed during processing file (in milliseconds). | |
| processing | object | Processing time on each major workflow processing step. | |
| av | integer | AV engines' processing time. | |
| cdr | integer | Deep CDR engine's sanitization time. | |
| dlp | integer | Proactive DLP engine's processing time. | |
| extraction | integer | Archive extraction engine's processing time. | |
| filetype | integer | FileType engine's processing time. | |
| opswatfilescan | integer | OPSWAT Filescan engine's processing time. | |
| others | integer | Total time elapsed for following processing tasks in the product (in milliseconds):
| |
| parse | integer | Digital signature analyzing time. | |
| vul | integer | Vulnerability engine's lookup time. | |
| yara | integer | YARA engine's processing time. | |
| filetype | integer | FileType engine's wait time. | |
| profile | string | The used rule name. | |
| progress | integer | Percentage of processing completed (from 1-100). | |
| queue | integer | Total time elapsed for file processing task was waiting in MetaDefender Core’s queue until being picked up (queue_time = start_time - upload_timestamp) (in milliseconds). | |
| result | string | The final result of processing the file (Allowed / Blocked / Processing). | |
| user | string | Identifier for the REST Client that calls the API. | |
| username | string | User identifier who submitted scan request earlier. | |
| verdicts | array[string] | Aggregated list of potential issues. | |
| post | object | Contains information about result of sanitization process and any action done after finalizing the process using Post Actions. | |
| actions | string | Empty string if no action failed or list of failed actions, separated by "|". | |
| actions | string | List of successful actions, separated by "|". Empty string if otherwise. | |
| converted | string | Contains the name of the sanitized file. | |
| converted | string | Contains target type name of sanitization. | |
| copy | string | Contains target type name of sanitization. | |
| sanitization | object | Deep CDR module returns forensic info to describe what happened during the process in the case file was successfully sanitized. | |
| cdr | integer | The time in milliseconds that the CDR process took to complete. | |
| description | string | Action was successful or not. | |
| details | array[object] | List of all sanitized objects | |
| action | string | The type of action that was performed Enum: | |
| count | integer | The number of objects that were sanitized/removed. | |
| details | object | List of all sanitized objects of a sanitized embedded file | |
| action | string | The type of action that was performed Enum: | |
| count | integer | The number of objects that were sanitized/removed. | |
| object | array[string] | Additional information about the sanitized object | |
| object | string | The object type that was sanitized/removed. | |
| description | string | Action was successful or not. | |
| file | string | If an embedded file was sanitized. | |
| object | array[string] | Additional information about the sanitized object | |
| object | string | The object type that was sanitized/removed. | |
| failure | string | Deep CDR errors are classified into different categories. For more details, please find Troubleshooting sanitization failures | |
| result | string | The result of the CDR process.
Enum: | |
| result | string | The hash value of the result template, which is used for displaying results on the Core UI and for internal communication between MetaDefender Core and the Deep CDR engine. This value is intended for system use only and is not required for external integration. | |
| sanitized | object | Information of sanitized file. Only applicable to individual file sanitization, or original archive document sanitization level. | |
| file | integer | Size of sanitized file in bytes. | |
| sha256 | string | SHA256 hash of sanitized file. | |
| verdict | string | The verdict of the CDR process.
Enum: | |
| verdict | array[string] | The explanations for the verdict of the CDR process. | |
| scan | object | Result of the scanning process. | |
| data | string | Data ID of the requested file | |
| progress | integer | Track analysis progress until reaches 100. | |
| scan | string | Processing result and its index
Enum: | |
| scan | integer | Scan result as index in the Processing Results table above Enum: | |
| start | string | Timestamp when the scanning process starts. | |
| total | integer | Total number of scanning engines used as part of this analysis. | |
| total | integer | Total time elapsed during scan (in milliseconds). | |
| scan | object | Scan results for each antivirus engine. The key is the name of the antivirus engine and the value is the result of the antivirus engine | |
| ClamAV | object | Scan report per each engine. | |
| def | string | The database definition time for this engine | |
| eng | string | The unique identification string for the engine | |
| location | string | Where this engine is deployed (local/remote). | |
| scan | integer | Scan result as index in the Processing Results table | |
| scan | integer | The time elapsed during scan with this engine (in milliseconds). | |
| threat | string | The threat name, IF scan result is Infected or Suspicious. Otherwise empty string or error message from the engine. | |
| wait | integer | Time elapsed between sending file to Core and receiving the result from the engine (in milliseconds). | |
| vulnerability | object | Contains all vulnerability information of the analysis result | |
| result | object | The result information provided by the OESIS Framework | |
| code | integer | The result code for vulnerability check, 0 means a successful check | |
| hash | string | The file's SHA1 hash value | |
| method | integer | The method used by OESIS Framework, it should be 50700 every time. Enum: | |
| timestamp | string | Timestamp of the request issued | |
| timing | integer | The vulnerability check's duration in milliseconds | |
| detected | object | Detected products object is present if input hash has been found to correspond to verified product | |
| has | boolean | Indicates whether any KBs or MSBs exist for this hash | |
| has | boolean | Indicates whether any vulnerabilities have been associated with the particular product | |
| is | boolean | True if this product's patch level is current, defaults to true | |
| product | object | Product data object | |
| id | integer | The OPSWAT product id | |
| name | string | The product name | |
| remediation | string | A link where product updates or patches can be obtained | |
| severity | string | String description of Severity level:
Enum: | |
| sig | string | Product signature descriptor | |
| signature | integer | OPSWAT signature id | |
| vendor | object | Vendor data object | |
| id | integer | The OPSWAT vendor id | |
| name | string | The vendor name | |
| version | string | The installed product version | |
| version | object | Object containing detailed patch information | |
| count | integer | The number of patches behind of the installed product | |
| feed | integer | The remote feed ID used to determine patch level | |
| version | string | The current version of the product in the remote feed | |
| vulnerabilites | array[object] | A list of specific vulnerabilities | |
| description | string | A text description of the specific vulnerability | |
| details | object | A set of optional vulnerability details | |
| cpe | string | A CPE product reference | |
| cve | string | A CVE identification string | |
| cvss | object | A set of cvss severity information | |
| access | string | A CVSS access-complexity descriptor | |
| access | string | A CVSS access-vector descriptor | |
| authentication | string | A CVSS authentication descriptor | |
| availability | string | A CVSS availability impact descriptor | |
| confidentiality | string | A CVSS confidentiality impact descriptor | |
| generated | string | An epoch timestamp indicating CVSS generation time | |
| integrity | string | A CVSS integrity impact descriptor | |
| score | string | A CVSS 10-point severity score | |
| source | string | A CVSS source descriptor | |
| cwe | string | A CWE group identification string | |
| last | string | An epoch timestamp indicating source last update time | |
| published | string | An epoch timestamp indicating source publishing time | |
| references | array[string] | An array of external reference links | |
| severity | string | String description of Severity level:
Enum: | |
| severity | integer | A 5 point scale numerical description of Severity level with 5 being greatest and 0 being unknown | |
| static | integer | An OPSWAT identifier for the vulnerability | |
| verdict | integer | The vulnerability check's duration in milliseconds
| |
| yara | object | Information on data that matched YARA rules | |
| hits | object | detailed results that contains the name of the matched rules and a description for each. | |
| verdict | integer | The overall result for the analyzed file. Value will be one of the following: | index | status | |---------------|------------------------------| | 0 | Clean | | 1 | Found matched data | | 2 | Suspicious | | 3 | Failed | | 4 | Not scanned | Enum: |
Bad Request (e.g. header is invalid, apikey is missing or invalid, parameter value is invalid or out of range, etc).
The user has no rights for this operation.
Unexpected event on server
xxxxxxxxxx{ "data_id": "8101abae27be4d63859c55d9e0ed0135", "dlp_info": {...}, "download_info": {...}, "extraction_info": {...}, "file_info": {...}, "filetype_info": {...}, "opswatfilescan_info": {}, "process_info": {...}, "scan_results": {...}, "vulnerability_info": {...}, "yara": {...}}Fetch Analysis Result By Hash
Retrieve analysis result by hash
| apikey | string | Generated | |
| rule | string | Select rule for the analysis, if no header given the default rule will be selected (URL encoded UTF-8 string of rule name) | |
| selfonly | boolean | Useful to archive hash lookup. Allow specifying to only perform hash lookup against the original archive file self only, and skip searching all child files result within the original archive. Default value is false. | |
| timerange | integer | Scoping down the recent number of hours that hash lookup task should start from till now, instead of searching the entire scan history in MetaDefender Cluster database. Default value is 0. That means no time scope. | |
| include | boolean | False (default): API will return "Not Found" if the verdict is in progress. True: If the queried hash has a completed processing result before, API will return the completed processing result. If this hash doesn't have any completed processing result, API will return this In-progress result. |
| md5|sha1|sha256|sha512 | string | Hash value to search. This can be md5, sha1, sha256, sha512 |
| first | integer | The minimum: 0 Default: 0 | |
| size | integer | The number of items to be fetched next, counting from the item order indicated in maximum: 2000 minimum: 0 Default: 50 |
curl --get \ --url 'http://localhost:8899/hash/{md5|sha1|sha256|sha512}' \ --header 'apikey: {apikey}' \ --header 'rule: {rule}' \ --header 'selfonly: {selfonly}' \ --header 'timerange: {timerange}' \ --header 'include-inprogress: {include-inprogress}' \ --data first={first} \ --data size=50Get information of file
| object | object | ||
| data | string | data identifier of the requested file | |
| dlp | object | Full report from Proactive DLP | |
| certainty | string | Describes how certain the hit is, possible values:
Enum: | |
| errors | object | A list of error objects (empty if no errors happened), each error object contains following keys:
| |
| filename | string | Output processed file name (pre-configured on engine settings under Core's worflow rule) | |
| hits | object | Detailed results that contains as key the type of matched rule:
| |
| ccn | object | ||
| display | string | Credit Card Number, Social Security Number, or in case of RegEx, the name of the rule that has been given by the user | |
| hits | array[object] | A list of detections that matched this rule/pattern. | |
| after | string | The context after the matched data. | |
| before | string | The context before the matched data. | |
| certainty | string | The text version of "certainty_score", possible values:
Enum: | |
| certainty | integer | Is defined by the relevance of the given hit in its context. It is calculated based on multiple factors such as the number of digits, possible values: [0-100] | |
| hit | string | The matched data. | |
| location | string | The location of the hit that is found in a file. | |
| severity | integer | (NOTE: this field is deprecated): can be 0 (detected) or 1 (suspicious). Enum: | |
| tryRedact | boolean | If file was redacted or not. | |
| metadata | object | Result of metadata removal. | |
| result | string | Result of the metadata removal process, possible values:
Enum: | |
| redact | object | Result of redaction process. | |
| result | string | Result of the redaction process, possible values:
Enum: | |
| severity | integer | (NOTE: this field is deprecated): represents the severity of the data loss, possible values:
Enum: | |
| verdict | integer | The overall result for the scanned file. Possible values:
Enum: | |
| watermark | object | Result of watermarking process. | |
| result | string | Result of the watermarking process, possible values:
Enum: | |
| download | object | The downloading status. | |
| error | string | Revealed detailed reason why the download failed. | |
| progress | number | Only applicable when "status" is
| |
| status | string | Indicates download status, which could be either
| |
| url | string | Original download link which was specified in HTTP(S) request's | |
| extraction | object | Details for archive extraction. | |
| decrypted | string | Indicate that decryption phase is successful or not. Enum: | |
| err | string | Error category | |
| err | integer | Error code | |
| err | string | Error message | |
| is | boolean | Indicate if file is password-protected or not. | |
| file | object | basic information of the scanned file | |
| display | string | The filename reported via | |
| file | integer | Total file size in bytes. | |
| file | string | The filetype using mimetype. | |
| file | string | The filetype in human readable format. | |
| md5 | string | File's MD5 hash. | |
| sha1 | string | File's SHA1 hash. | |
| sha256 | string | File's SHA256 Hash. | |
| sha512 | string | File's SHA512 Hash. | |
| signer | array[object] | Digital signature information of the scanned file. | |
| digest | string | Digest algorithm. | |
| digest | string | Encryption algorithm. | |
| issuer | string | Entity that develops and registers the certificate. | |
| serial | string | Serial number of the certificate. | |
| vendor | string | Entity that is issued a certificate and utilize it for creating a digital signature. | |
| version | string | Version of X.509 that is used in the certificate. This version field is zero-based.
| |
| type | array[string] | File type category.
Enum: | |
| receive | string | The timestamp when upload progress started (first byte received) (in milliseconds) | |
| upload | integer | Total time elapsed for upload process (in milliseconds). | |
| upload | string | The timestamp when upload progress finished (all bytes received) (in milliseconds) | |
| filetype | object | response information from FileType engine | |
| file | object | ||
| description | string | File type description | |
| detected | string | Analyzer that detected the file type | |
| encrypted | boolean | File is password-protected or not | |
| extensions | string | File type extension | |
| groupID | string | File type category | |
| groupIDs | array[string] | File type category.
Enum: | |
| group | string | File type category description | |
| likely | array[object] | A list of likely file type IDs | |
| score | integer | Likelihood score of the file type | |
| typeID | string | File type ID | |
| type | string | MIME type | |
| typeID | string | File type ID | |
| type | array[string] | A list of file type IDs | |
| final | object | Final verdict of the file type analysis. | |
| verdict | string | Final verdict of the file type analysis. Enum: | |
| verdict | string | Explanation of the final verdict. | |
| is | boolean | Indicates if the file type does not match the expected type. | |
| result | string | SHA256 Hash of user-interface template. For web console only. | |
| spoofing | object | Spoofing information. | |
| detection | string | Result of the spoofing detection. | |
| result | string | Explanation of the spoofing detection result. | |
| result | string | Overview of the spoofing detection result. | |
| opswatfilescan | object | response information from OPSWAT Filescan engine | |
| process | object | Processing information | |
| blocked | string | Provides the reason why the file is blocked (if so). | |
| blocked | array[string] | Provides the reason why the file is blocked in an array (if so). | |
| file | boolean | Indicates if the input file's detected type was configured to skip scanning. | |
| hash | integer | Total time elapsed for computing hashes (in milliseconds). | |
| outdated | array[string] | array of flags - if occur - describing outdated data in the result, these can be
Enum: | |
| processing | integer | Total time elapsed during processing file (in milliseconds). | |
| processing | object | Processing time on each major workflow processing step. | |
| av | integer | AV engines' processing time. | |
| cdr | integer | Deep CDR engine's sanitization time. | |
| dlp | integer | Proactive DLP engine's processing time. | |
| extraction | integer | Archive extraction engine's processing time. | |
| filetype | integer | FileType engine's processing time. | |
| opswatfilescan | integer | OPSWAT Filescan engine's processing time. | |
| others | integer | Total time elapsed for following processing tasks in the product (in milliseconds):
| |
| parse | integer | Digital signature analyzing time. | |
| vul | integer | Vulnerability engine's lookup time. | |
| yara | integer | YARA engine's processing time. | |
| filetype | integer | FileType engine's wait time. | |
| profile | string | The used rule name. | |
| progress | integer | Percentage of processing completed (from 1-100). | |
| queue | integer | Total time elapsed for file processing task was waiting in MetaDefender Core’s queue until being picked up (queue_time = start_time - upload_timestamp) (in milliseconds). | |
| result | string | The final result of processing the file (Allowed / Blocked / Processing). | |
| user | string | Identifier for the REST Client that calls the API. | |
| username | string | User identifier who submitted scan request earlier. | |
| verdicts | array[string] | Aggregated list of potential issues. | |
| post | object | Contains information about result of sanitization process and any action done after finalizing the process using Post Actions. | |
| actions | string | Empty string if no action failed or list of failed actions, separated by "|". | |
| actions | string | List of successful actions, separated by "|". Empty string if otherwise. | |
| converted | string | Contains the name of the sanitized file. | |
| converted | string | Contains target type name of sanitization. | |
| copy | string | Contains target type name of sanitization. | |
| sanitization | object | Deep CDR module returns forensic info to describe what happened during the process in the case file was successfully sanitized. | |
| cdr | integer | The time in milliseconds that the CDR process took to complete. | |
| description | string | Action was successful or not. | |
| details | array[object] | List of all sanitized objects | |
| action | string | The type of action that was performed Enum: | |
| count | integer | The number of objects that were sanitized/removed. | |
| details | object | List of all sanitized objects of a sanitized embedded file | |
| action | string | The type of action that was performed Enum: | |
| count | integer | The number of objects that were sanitized/removed. | |
| object | array[string] | Additional information about the sanitized object | |
| object | string | The object type that was sanitized/removed. | |
| description | string | Action was successful or not. | |
| file | string | If an embedded file was sanitized. | |
| object | array[string] | Additional information about the sanitized object | |
| object | string | The object type that was sanitized/removed. | |
| failure | string | Deep CDR errors are classified into different categories. For more details, please find Troubleshooting sanitization failures | |
| result | string | The result of the CDR process.
Enum: | |
| result | string | The hash value of the result template, which is used for displaying results on the Core UI and for internal communication between MetaDefender Core and the Deep CDR engine. This value is intended for system use only and is not required for external integration. | |
| sanitized | object | Information of sanitized file. Only applicable to individual file sanitization, or original archive document sanitization level. | |
| file | integer | Size of sanitized file in bytes. | |
| sha256 | string | SHA256 hash of sanitized file. | |
| verdict | string | The verdict of the CDR process.
Enum: | |
| verdict | array[string] | The explanations for the verdict of the CDR process. | |
| scan | object | Result of the scanning process. | |
| data | string | Data ID of the requested file | |
| progress | integer | Track analysis progress until reaches 100. | |
| scan | string | Processing result and its index
Enum: | |
| scan | integer | Scan result as index in the Processing Results table above Enum: | |
| start | string | Timestamp when the scanning process starts. | |
| total | integer | Total number of scanning engines used as part of this analysis. | |
| total | integer | Total time elapsed during scan (in milliseconds). | |
| scan | object | Scan results for each antivirus engine. The key is the name of the antivirus engine and the value is the result of the antivirus engine | |
| ClamAV | object | Scan report per each engine. | |
| def | string | The database definition time for this engine | |
| eng | string | The unique identification string for the engine | |
| location | string | Where this engine is deployed (local/remote). | |
| scan | integer | Scan result as index in the Processing Results table | |
| scan | integer | The time elapsed during scan with this engine (in milliseconds). | |
| threat | string | The threat name, IF scan result is Infected or Suspicious. Otherwise empty string or error message from the engine. | |
| wait | integer | Time elapsed between sending file to Core and receiving the result from the engine (in milliseconds). | |
| vulnerability | object | Contains all vulnerability information of the analysis result | |
| result | object | The result information provided by the OESIS Framework | |
| code | integer | The result code for vulnerability check, 0 means a successful check | |
| hash | string | The file's SHA1 hash value | |
| method | integer | The method used by OESIS Framework, it should be 50700 every time. Enum: | |
| timestamp | string | Timestamp of the request issued | |
| timing | integer | The vulnerability check's duration in milliseconds | |
| detected | object | Detected products object is present if input hash has been found to correspond to verified product | |
| has | boolean | Indicates whether any KBs or MSBs exist for this hash | |
| has | boolean | Indicates whether any vulnerabilities have been associated with the particular product | |
| is | boolean | True if this product's patch level is current, defaults to true | |
| product | object | Product data object | |
| id | integer | The OPSWAT product id | |
| name | string | The product name | |
| remediation | string | A link where product updates or patches can be obtained | |
| severity | string | String description of Severity level:
Enum: | |
| sig | string | Product signature descriptor | |
| signature | integer | OPSWAT signature id | |
| vendor | object | Vendor data object | |
| id | integer | The OPSWAT vendor id | |
| name | string | The vendor name | |
| version | string | The installed product version | |
| version | object | Object containing detailed patch information | |
| count | integer | The number of patches behind of the installed product | |
| feed | integer | The remote feed ID used to determine patch level | |
| version | string | The current version of the product in the remote feed | |
| vulnerabilites | array[object] | A list of specific vulnerabilities | |
| description | string | A text description of the specific vulnerability | |
| details | object | A set of optional vulnerability details | |
| cpe | string | A CPE product reference | |
| cve | string | A CVE identification string | |
| cvss | object | A set of cvss severity information | |
| access | string | A CVSS access-complexity descriptor | |
| access | string | A CVSS access-vector descriptor | |
| authentication | string | A CVSS authentication descriptor | |
| availability | string | A CVSS availability impact descriptor | |
| confidentiality | string | A CVSS confidentiality impact descriptor | |
| generated | string | An epoch timestamp indicating CVSS generation time | |
| integrity | string | A CVSS integrity impact descriptor | |
| score | string | A CVSS 10-point severity score | |
| source | string | A CVSS source descriptor | |
| cwe | string | A CWE group identification string | |
| last | string | An epoch timestamp indicating source last update time | |
| published | string | An epoch timestamp indicating source publishing time | |
| references | array[string] | An array of external reference links | |
| severity | string | String description of Severity level:
Enum: | |
| severity | integer | A 5 point scale numerical description of Severity level with 5 being greatest and 0 being unknown | |
| static | integer | An OPSWAT identifier for the vulnerability | |
| verdict | integer | The vulnerability check's duration in milliseconds
| |
| yara | object | Information on data that matched YARA rules | |
| hits | object | detailed results that contains the name of the matched rules and a description for each. | |
| verdict | integer | The overall result for the analyzed file. Value will be one of the following: | index | status | |---------------|------------------------------| | 0 | Clean | | 1 | Found matched data | | 2 | Suspicious | | 3 | Failed | | 4 | Not scanned | Enum: |
Invalid hash format
xxxxxxxxxx{ "data_id": "8101abae27be4d63859c55d9e0ed0135", "dlp_info": {...}, "download_info": {...}, "extraction_info": {...}, "file_info": {...}, "filetype_info": {...}, "opswatfilescan_info": {}, "process_info": {...}, "scan_results": {...}, "vulnerability_info": {...}, "yara": {...}}Fetching Available Analysis Rules
Retrieve all available rules with their custom configurations. Fetching available processing rules.
| apikey | string | Generated
| |
| user | string | The user agent string value sent in the header (specified by the client). Only those rules are returned, that:
For details see KB article What are Security Policies and how do I use them?. |
curl --get \ --url 'http://localhost:8899/file/rules' \ --header 'apikey: {apikey}' \ --header 'user_agent: {user_agent}'Returns the list of available rules.
| array | array[object] | ||
| max | integer | The maximum allowed file size (in bytes) for this rule. | |
| name | string | A unique identifier for identify in the used rule for a scan.. | |
| global | object | The global timeout for the rule in seconds. If the rule takes longer than this time, it will be stopped. | |
| value | integer | The timeout value in seconds. | |
| enabled | boolean | Indicates whether the global timeout is enabled. |
Unexpected event on server
[ { "max_file_size": 200000000, "name": "File scan", "global_timeout": { "value": 1440, "enabled": false } }]Download Sanitized Files
Retrieve sanitized file based on the data_id
| apikey | string | Generated |
| data | string | The data_id comes from the result of |
curl --get \ --url 'http://localhost:8899/file/converted/8101abae27be4d63859c55d9e0ed0135' \ --header 'apikey: {apikey}'Returns the sanitized content.
| file | file |
Requests resource was not found.
The user has no rights for this operation.
Unexpected event on server
<Raw bytes content>Download either sanitized files or DLP processed files
Retrieve sanitized file based on the data_id.
In case there's no sanitized file, and DLP processed file is available, user will retrieve DLP processed file.
| apikey | string | Generated |
| data | string | The data_id comes from the result of |
curl --get \ --url 'http://localhost:8899/file/download/8101abae27be4d63859c55d9e0ed0135' \ --header 'apikey: {apikey}'Returns the sanitized or DLP processed content.
| file | file |
File could not be found
The user has no rights for this operation.
Unexpected event on server
<Raw bytes content>Cancel File Analysis
When cancelling a file analysis, the connected analysis (e.g. files in an archive) that are still in progress will be cancelled also.
The cancelled analysis will be automatically closed.
| apikey | string | Generated |
| data | string | Unique submission identifier. Use this value to reference the submission. |
curl --request POST \ --url 'http://localhost:8899/file/{data_id}/cancel' \ --header 'apikey: {apikey}'Analysis was sucessfully cancelled.
| object | object |
Bad Request (e.g. header is invalid, apikey is missing or invalid, parameter value is invalid or out of range, etc).
Invalid user information or Not Allowed
Data ID not found (invalid id) or Requests resource was not found
The user has no rights for this operation.
Unexpected event on server
{ "<<data_id>>": "cancelled"}Query webhook status
Prior to being notified when webhook mode is enabled, the client can request MetaDefender Cluster API Gateway for the file processing webhook status at any time.
| apikey | string | Generated |
| data | string | The |
curl --get \ --url 'http://localhost:8899/file/webhook/{data_id}' \ --header 'apikey: {apikey}'Webhook status is fetched successfully.
| object | object | ||
| data | string | The file submission identifier | |
| request | string | A timestamp when the request has been made. | |
| status | integer | What was the returned HTTP status code.
| |
| url | string | What was the called URL (should match the |
Bad Request (e.g. header is invalid, apikey is missing or invalid, parameter value is invalid or out of range, etc).
Invalid user information or Not Allowed
Requests resource was not found.
Unexpected event on server
{ "data_id": "j2939fh3ifoqkhwhr3h9h1h0re", "request_time": "{string}", "status_code": 200, "url": "https://apigateway.corporate.com/metadefender/callbackurl"}Batch
Group the analysis requests in batches. Supported with endpoints: MetaDefender Cluster API Gateway.
Initiate Batch
Create a new batch and retrieve the batch_id
| apikey | string | Generated | |
| rule | string | Select rule for the analysis, if no header given the default rule will be selected (URL encoded UTF-8 string of rule name) | |
| user | string | user_agent header used to identify (and limit) access to a particular rule. For rule selection, | |
| user | string | Name of the batch (max 1024 bytes, URL encoded UTF-8 string). |
curl --request POST \ --url 'http://localhost:8899/file/batch' \ --header 'apikey: {apikey}' \ --header 'rule: {rule}' \ --header 'user_agent: {user_agent}' \ --header 'user-data: {user-data}'Batch created successfully.
| object | object | ||
| batch | string | The batch identifier used to submit files in the batch and to close the batch. |
Bad Request (e.g. header is invalid, apikey is missing or invalid, parameter value is invalid or out of range, etc).
Invalid user information or Not Allowed
Unexpected event on server
{ "batch_id": "74c85f475147439bac4d33b181853923"}Close Batch
The batch will be closed and files can no longer be added to the current batch.
| apikey | string | Generated |
| batchId | string | The batch identifier used to submit files in the batch and to close the batch. |
curl --request POST \ --url 'http://localhost:8899/file/batch/{batchId}/close' \ --header 'apikey: {apikey}'Batch successfully closed.
| object | object | The response for a Batch status request. | |
| batch | object | Information about the files included in this batch. | |
| batch | integer | The total number of files/entries in the batch. | |
| current | integer | The total number of files/entries that have been fully processed in the batch. | |
| files | array[object] | The list of files in the batch. | |
| data | string | Unique identifer for the file. | |
| detected | integer | Total number of engines that detected this file. | |
| display | string | The filename reported via | |
| file | integer | Total file size in bytes. | |
| file | string | The filetype using mimetype. | |
| file | string | The filetype in human readable format. | |
| process | object | The analysis summary | |
| blocked | string | Provides the reason why the file is blocked (if so). | |
| progress | integer | Percentage of processing completed (from 1-100). | |
| result | string | The final result of processing the file (Allowed / Blocked / Processing). | |
| verdicts | array[string] | Aggregated list of potential issues. | |
| progress | integer | Track analysis progress until reaches 100. | |
| scan | string | Processing result and its index
Enum: | |
| scan | integer | Scan result as index in the Processing Results table above Enum: | |
| scanned | integer | The total number of engines used to analyze this file. | |
| first | integer | The starting index in the batch. Used for pagination. | |
| page | integer | The number of entries per page. | |
| batch | string | The batch unique identifer | |
| is | boolean | The batch status (open/close). | |
| process | object | Overall batch process result | |
| blocked | string | Provides the reason why the file is blocked (if so). | |
| file | boolean | Indicates if the input file's detected type was configured to skip scanning. | |
| profile | string | The used rule name. | |
| result | string | The final result of processing the file (Allowed / Blocked / Processing). | |
| user | string | Identifier for the REST Client that calls the API. | |
| username | string | User identifier who submitted scan request earlier. | |
| scan | object | Metascan analysis result. | |
| batch | string | The batch unique identifer | |
| scan | string | Processing result and its index
Enum: | |
| scan | integer | Scan result as index in the Processing Results table above Enum: | |
| start | string | Timestamp when the scanning process starts. | |
| total | integer | Total number of scanning engines used as part of this analysis. Not like files, batch is not processed by engine, so this value is always 0. | |
| total | integer | Total time elapsed during scan (in milliseconds). | |
| user | string | Metadata submitted at batch creation. |
Bad Request (e.g. header is invalid, apikey is missing or invalid, parameter value is invalid or out of range, etc).
Invalid user information or Not Allowed
Requests resource was not found.
Unexpected event on server
{ "batch_files": { "batch_count": 4, "current_finished_files": 4, "files_in_batch": [ { "data_id": "24c8b5dadd48445989ac3431544fdc34", "detected_by": 4, "display_name": "eicar.com", "file_size": 68, "file_type": "application/octet-stream", "file_type_description": "EICAR virus test files", "process_info": { "blocked_reason": "Infected", "progress_percentage": 100, "result": "Blocked", "verdicts": [ "Infected" ] }, "progress_percentage": 100, "scan_all_result_a": "No Threat Detected", "scan_all_result_i": 0, "scanned_with": 4 } ], "first_index": 0, "page_size": 50 }, "batch_id": "b7cc760038324b02908a5c111cb1563d", "is_closed": true, "process_info": { "blocked_reason": "Infected", "file_type_skipped_scan": false, "profile": "File process", "result": "Blocked", "user_agent": "mdicapserver", "username": "LOCAL/admin" }, "scan_results": { "batch_id": "b7cc760038324b02908a5c111cb1563d", "scan_all_result_a": "No Threat Detected", "scan_all_result_i": 0, "start_time": "2020-03-12T08:37:05.427Z", "total_avs": 0, "total_time": 18403 }, "user_data": "http://localhost:8899/"}Status of Batch Analysis
Retrieve status report for the entire batch
| apikey | string | Generated |
| batchId | string | The batch identifier used to submit files in the batch and to close the batch. |
| first | integer | The first item order in the list of files in this batch minimum: 0 Default: 0 | |
| size | integer | The number of items to be fetched next, counting from the item order indicated in maximum: 2000 minimum: 0 Default: 50 |
curl --get \ --url 'http://localhost:8899/file/batch/{batchId}' \ --header 'apikey: {apikey}' \ --data first={first} \ --data size=50Batch progress paginated report (50 entries/page).
| object | object | The response for a Batch status request. | |
| batch | object | Information about the files included in this batch. | |
| batch | integer | The total number of files/entries in the batch. | |
| current | integer | The total number of files/entries that have been fully processed in the batch. | |
| files | array[object] | The list of files in the batch. | |
| data | string | Unique identifer for the file. | |
| detected | integer | Total number of engines that detected this file. | |
| display | string | The filename reported via | |
| file | integer | Total file size in bytes. | |
| file | string | The filetype using mimetype. | |
| file | string | The filetype in human readable format. | |
| process | object | The analysis summary | |
| blocked | string | Provides the reason why the file is blocked (if so). | |
| progress | integer | Percentage of processing completed (from 1-100). | |
| result | string | The final result of processing the file (Allowed / Blocked / Processing). | |
| verdicts | array[string] | Aggregated list of potential issues. | |
| progress | integer | Track analysis progress until reaches 100. | |
| scan | string | Processing result and its index
Enum: | |
| scan | integer | Scan result as index in the Processing Results table above Enum: | |
| scanned | integer | The total number of engines used to analyze this file. | |
| first | integer | The starting index in the batch. Used for pagination. | |
| page | integer | The number of entries per page. | |
| batch | string | The batch unique identifer | |
| is | boolean | The batch status (open/close). | |
| process | object | Overall batch process result | |
| blocked | string | Provides the reason why the file is blocked (if so). | |
| file | boolean | Indicates if the input file's detected type was configured to skip scanning. | |
| profile | string | The used rule name. | |
| result | string | The final result of processing the file (Allowed / Blocked / Processing). | |
| user | string | Identifier for the REST Client that calls the API. | |
| username | string | User identifier who submitted scan request earlier. | |
| scan | object | Metascan analysis result. | |
| batch | string | The batch unique identifer | |
| scan | string | Processing result and its index
Enum: | |
| scan | integer | Scan result as index in the Processing Results table above Enum: | |
| start | string | Timestamp when the scanning process starts. | |
| total | integer | Total number of scanning engines used as part of this analysis. Not like files, batch is not processed by engine, so this value is always 0. | |
| total | integer | Total time elapsed during scan (in milliseconds). | |
| user | string | Metadata submitted at batch creation. |
Bad Request (e.g. header is invalid, apikey is missing or invalid, parameter value is invalid or out of range, etc).
Invalid user information or Not Allowed
Requests resource was not found.
Unexpected event on server
{ "batch_files": { "batch_count": 4, "current_finished_files": 3, "files_in_batch": [ { "data_id": "24c8b5dadd48445989ac3431544fdc34", "detected_by": 4, "display_name": "eicar.com", "file_size": 68, "file_type": "application/octet-stream", "file_type_description": "EICAR virus test files", "process_info": { "blocked_reason": "Infected", "progress_percentage": 100, "result": "Blocked", "verdicts": [ "Infected" ] }, "progress_percentage": 100, "scan_all_result_a": "No Threat Detected", "scan_all_result_i": 0, "scanned_with": 4 } ], "first_index": 0, "page_size": 50 }, "batch_id": "b7cc760038324b02908a5c111cb1563d", "is_closed": false, "process_info": { "blocked_reason": "Infected", "file_type_skipped_scan": false, "profile": "File process", "result": "Processing", "user_agent": "mdicapserver", "username": "LOCAL/admin" }, "scan_results": { "batch_id": "b7cc760038324b02908a5c111cb1563d", "scan_all_result_a": "No Threat Detected", "scan_all_result_i": 0, "start_time": "2020-03-12T08:37:05.427Z", "total_avs": 0, "total_time": -1 }, "user_data": "http://localhost:8899/"}Download Signed Batch Result
Download digitally signed status report for the entire batch
| apikey | string | Generated | |
| metadata | string | In JSON format, this can be used to: Include additional information in the response YML. Currently, one supported field in the metadata is |
| batchId | string | The batch identifier used to submit files in the batch and to close the batch. |
curl --get \ --url 'http://localhost:8899/file/batch/{batchId}/certificate' \ --header 'apikey: {apikey}' \ --header 'metadata: { "include_vul_info": true}'Signed batch result and certificate are sent back in response body (YAML format).
| No response body |
Bad Request (e.g. header is invalid, apikey is missing or invalid, parameter value is invalid or out of range, etc).
Invalid user information or Not Allowed
Requests resource was not found.
Unexpected event on server
--- batch_id: 092876200fb54cfb80b6e3332c410ae9 user_data: the user data from the header from batch creation cert_sha1_fingerprint: <some cert serial value> batch_files: batch_count: 1 files_in_batch: - data_id: 9112b225f0634f189a2bb46ec1a7826f display_name: New%20Text%20Document.txt file_size: 5 scan_all_result_i: 0 process_info: blocked_reason: result: Allowed md5: 42b130c3ce46e058f30712838cebf420 sha1: ed94baf55ca851055fb76045f6949bca2f865605 sha256: f4191b3ec6ce93aaf712919a38e52815c5da9c91d2b141df920bc8bcb5cbb8e3 sha512: "" vulnerabilities: - cve: CVE-2021-45463 cvss: score: 6.8 cvss_3_0: base_score: 7.8 - cve: CVE-2018-12713 cvss: score: 6.4 cvss_3_0: base_score: 9.1process_info: blocked_reason: file_type_skipped_scan: false profile: File scan result: Allowed user_agent: webscanscan_results: scan_all_result_a: No Threat Detected scan_all_result_i: 0 start_time: 2017-05-23T11:22:03.010Z total_avs: 14 total_time: 995...--- signature: 881d22220c4ca0557d7c7d5c5794d53a8a2780997cd65b27b6e7f1c099a15de03dbcb5edbeaea7aafa6099fab37be07017b39e3e3a7d66c550f44eb59a096c54d5b9555cb28198546fbec57c33b717751d333a09733d95dd876e2798d044c8caef828f4352b91f9a6d057253bb1a9461e0e0e0bf4313a80895998d645bebc81841ff3499589c80ffc4e8a190d1ec9b3e4126d86659d303b0e1f22d9289c9c4671d35532b55ad4620e048a78bb405b573897da63efdd5f036692c934a82d9bdc9b9862e7fea5e8abeeb1444be0689d50373c5c0632484950c0fe0337ed5f91bdf26986f7cff8aa3431bf4bc948fc127c16ba13ec679fe9f67e7586075c1f467454fa8cf40e9cd501291c95d862eb16f4477c17d1711294f0ff2b3a1140bd53dbd1fbb0846af6062e9e4e2e1a09af3448503ed11e342164e535fc268bf7d8fbc28ed946cd2bb8ea075f2295d2fa8392076d41608c3b5decf8fab3a5ec7de190f07583331e0517e5f361735cd59326622dc8b07b10a464028de781a063e408f918c1d5534329140f4e4dc1a717d808d6784410410b00d36cb9a345f5bbc11fa1c58ee28f8e7b863f3ea2c923ec5fb2ac29eaa4ddc0d6d9dfd3f16a97f207dc2858410a577c7f4a92ff01bad3229f5fcdb08e21df9869a113272aa9d96bfdfe8bfb3a50414c174e16a3504e5780c2718779b0757298546f287ef7ea86e67510d48a8 certificate: | -----BEGIN CERTIFICATE----- MIIGJzCCBA+gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBsjELMAkGA1UEBhMCRlIx DzANBgNVBAgMBkFsc2FjZTETMBEGA1UEBwwKU3RyYXNib3VyZzEYMBYGA1UECgwP d3d3LmZyZWVsYW4ub3JnMRAwDgYDVQQLDAdmcmVlbGFuMS0wKwYDVQQDDCRGcmVl bGFuIFNhbXBsZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxIjAgBgkqhkiG9w0BCQEW E2NvbnRhY3RAZnJlZWxhbi5vcmcwHhcNMTIwNDI3MTAzMTE4WhcNMjIwNDI1MTAz MTE4WjB+MQswCQYDVQQGEwJGUjEPMA0GA1UECAwGQWxzYWNlMRgwFgYDVQQKDA93 d3cuZnJlZWxhbi5vcmcxEDAOBgNVBAsMB2ZyZWVsYW4xDjAMBgNVBAMMBWFsaWNl MSIwIAYJKoZIhvcNAQkBFhNjb250YWN0QGZyZWVsYW4ub3JnMIICIjANBgkqhkiG 9w0BAQEFAAOCAg8AMIICCgKCAgEA3W29+ID6194bH6ejLrIC4hb2Ugo8v6ZC+Mrc k2dNYMNPjcOKABvxxEtBamnSaeU/IY7FC/giN622LEtV/3oDcrua0+yWuVafyxmZ yTKUb4/GUgafRQPf/eiX9urWurtIK7XgNGFNUjYPq4dSJQPPhwCHE/LKAykWnZBX RrX0Dq4XyApNku0IpjIjEXH+8ixE12wH8wt7DEvdO7T3N3CfUbaITl1qBX+Nm2Z6 q4Ag/u5rl8NJfXg71ZmXA3XOj7zFvpyapRIZcPmkvZYn7SMCp8dXyXHPdpSiIWL2 uB3KiO4JrUYvt2GzLBUThp+lNSZaZ/Q3yOaAAUkOx+1h08285Pi+P8lO+H2Xic4S vMq1xtLg2bNoPC5KnbRfuFPuUD2/3dSiiragJ6uYDLOyWJDivKGt/72OVTEPAL9o 6T2pGZrwbQuiFGrGTMZOvWMSpQtNl+tCCXlT4mWqJDRwuMGrI4DnnGzt3IKqNwS4 Qyo9KqjMIPwnXZAmWPm3FOKe4sFwc5fpawKO01JZewDsYTDxVj+cwXwFxbE2yBiF z2FAHwfopwaH35p3C6lkcgP2k/zgAlnBluzACUI+MKJ/G0gv/uAhj1OHJQ3L6kn1 SpvQ41/ueBjlunExqQSYD7GtZ1Kg8uOcq2r+WISE3Qc9MpQFFkUVllmgWGwYDuN3 Zsez95kCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNT TCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFFlfyRO6G8y5qEFKikl5 ajb2fT7XMB8GA1UdIwQYMBaAFCNsLT0+KV14uGw+quK7Lh5sh/JTMA0GCSqGSIb3 DQEBBQUAA4ICAQAT5wJFPqervbja5+90iKxi1d0QVtVGB+z6aoAMuWK+qgi0vgvr mu9ot2lvTSCSnRhjeiP0SIdqFMORmBtOCFk/kYDp9M/91b+vS+S9eAlxrNCB5VOf PqxEPp/wv1rBcE4GBO/c6HcFon3F+oBYCsUQbZDKSSZxhDm3mj7pb67FNbZbJIzJ 70HDsRe2O04oiTx+h6g6pW3cOQMgIAvFgKN5Ex727K4230B0NIdGkzuj4KSML0NM slSAcXZ41OoSKNjy44BVEZv0ZdxTDrRM4EwJtNyggFzmtTuV02nkUj1bYYYC5f0L ADr6s0XMyaNk8twlWYlYDZ5uKDpVRVBfiGcq0uJIzIvemhuTrofh8pBQQNkPRDFT Rq1iTo1Ihhl3/Fl1kXk1WR3jTjNb4jHX7lIoXwpwp767HAPKGhjQ9cFbnHMEtkro RlJYdtRq5mccDtwT0GFyoJLLBZdHHMHJz0F9H7FNk2tTQQMhK5MVYwg+LIaee586 CQVqfbscp7evlgjLW98H+5zylRHAgoH2G79aHljNKMp9BOuq6SnEglEsiWGVtu2l hnx8SB3sVJZHeer8f/UQQwqbAO+Kdy70NmbSaqaVtp8jOxLiidWkwSyRTsuU6D8i DiH5uEqBXExjrj0FslxcVKdVj5glVcSmkLwZKbEU1OKwleT/iXFhvooWhQ== -----END CERTIFICATE-----... Cancel Batch
When cancelling a batch, the connected analysis that are still in progress will be cancelled also.
The cancelled batch will be closed.
| apikey | string | Generated |
| batchId | string | The batch identifier used to submit files in the batch and to close the batch. |
curl --request POST \ --url 'http://localhost:8899/file/batch/{batchId}/cancel' \ --header 'apikey: {apikey}'Batch cancelled.
| object | object |
Bad Request (e.g. header is invalid, apikey is missing or invalid, parameter value is invalid or out of range, etc).
Invalid user information or Not Allowed
Batch not found (invalid id)
Unexpected event on server
{ "<<batch_id>>": "cancelled"}License
Retrieve the current license information.
Get current license information
Fetch details about the longest expiry active license among all activated licenses.
| apikey | string | Generated |
curl --get \ --url 'http://localhost:8899/admin/license' \ --header 'apikey: {apikey}'Information about the licensed product (product type, number of activations, deploymentId, expiration date and days left)
| object | object | Information about the licensed product (product type, number of activations, deploymentId, expiration date and days left) | |
| days | integer | Number of days left before expiration | |
| expiration | string | Expiration date in MM/DD/YYYY format. | |
| licensed | array[string] | List of engine/module identifiers that have been licensed | |
| licensed | string | Name of the entity to which the license is issued. | |
| max | string | Total number of deployed MetaDefender Agents attached to this MetaDefender Core instance. | |
| online | boolean | Track online/offline activation mode | |
| product | string | Official MetaDefender base SKU licensed. | |
| product | string | Official MetaDefender base product name licensed. |
Invalid user information or Not Allowed
The user has no rights for this operation.
Unexpected event on server
{ "activation_key": "", "days_left": 3731, "deployment": "", "expiration": "09/30/2026", "licensed_engines": "*", "licensed_to": "OPSWAT, Inc.", "max_agent_count": "10", "online_activated": true, "product_id": "MSCL-4-unlimited", "product_name": "Metadefender Core 5 Linux"}Stats
Health check and statistics about MetaDefender Core instance usage.
Engine Status
Return the status of the latest engines between the MetaDefender Core instances.
| apikey | string | Generated |
curl --get \ --url 'http://localhost:8899/stat/engines' \ --header 'apikey: {apikey}'An array with all the engines and their details.
| array | array[object] | ||
| abandoned | boolean | Indicates if this engine is abandoned. | |
| active | boolean | If used by at least one engine | |
| def | string | The database definition time for this engine | |
| download | integer | The percentage progress of download | |
| download | string | When this engine downloaded from the update server. | |
| eng | string | Engine internal ID | |
| eng | string | Engine name | |
| eng | string | Engine type in human readable form | |
| eng | string | Engine's version (format differs from one engine to another). | |
| engine | string | Engine's type:
Enum: | |
| pinned | boolean | Indicate if this engine is pinned. | |
| state | string | Status of the engine:
Enum: | |
| type | string | The type of information, whether it is engine or engine's database. |
[ { "abandoned": false, "active": true, "def_time": "2020-04-17T02:37:05.000Z", "download_progress": 100, "download_time": "2020-04-17T08:17:22.810Z", "eng_id": "clamav_1_linux", "eng_name": "ClamAV", "eng_type": "Bundled engine", "eng_ver": "3.0-43", "engine_type": "av", "notified_messages": [], "pinned": false, "state": "production", "type": "engine" }]Instance Status Overview
Retrieve status details of all available MetaDefender Core instances.
| apikey | string | Generated |
curl --get \ --url 'http://localhost:8899/stat/nodes' \ --header 'apikey: {apikey}'Status details of MetaDefender Core instances.
| object | object | ||
| external | boolean | Indicates whether external nodes can connect; always true. | |
| max | integer | Total number of available MetaDefender Core instances. | |
| statuses | array[object] | List of MetaDefender Core instance status details. | |
| address | string | Location of the Core instance; currently always return empty string. | |
| available | integer | The number of available RAM in this system. | |
| cpu | integer | The number of CPU Cores allocated to this Core instance. | |
| current | integer | Number of objects currently being processed by the Core instance. | |
| engines | array[object] | Summary of each engine status deployed on this Core. | |
| active | boolean | If used by at least one engine | |
| db | string | The database version for this engine | |
| def | string | The database definition time for this engine | |
| download | string | The database download time for this engine | |
| eng | string | Engine name | |
| eng | string | Engine's version (format differs from one engine to another). | |
| engine | string | Engine's type:
Enum: | |
| id | string | Engine internal ID | |
| free | integer | Reported available disk on Core instance (in bytes). | |
| id | string | Identifier of the worker that deployed this Core instance. | |
| info | array[object] | Report disk space usage from the host where the MetaDefender Core instance is installed. | |
| free | integer | Free space on the disk (in bytes). | |
| location | string | Disk location. | |
| total | integer | Total space on the disk (in bytes). | |
| issues | array[object] | A list of all potential problems on Core instance. | |
| description | string | Text detailing the issue. | |
| severity | string | How important is the reported issue. | |
| load | integer | Current CPU utilization on Core instance (in percentage). | |
| os | string | Current used OS | |
| scan | integer | Number of objects currently being processed by the Core instance. | |
| scan | object | Current load of scan queue in details | |
| archive | number | Ratio of archive scan queue, always -1 for Core in Cluster mode. | |
| available | integer | The number of slots is available, always -1 for Core in Cluster mode. | |
| extracted | integer | Number of child files being processing | |
| file | integer | Number of files taken from REST by the current Core instance | |
| total | integer | Total scan queue, always -1 for Core in Cluster mode. | |
| total | integer | The amount of disk space is allocated on Core instance (in Byte). | |
| total | integer | How much memory is allocated on Core instance (in MB). | |
| total | integer | The maximum queue size is allowed, always -1 for Core in Cluster mode. | |
| uptime | integer | How long this Core is in operation (in second). | |
| version | string | Product version |
Invalid user information or Not Allowed
The user has no rights for this operation.
{ "external_nodes_allowed": true, "max_node_count": 1, "statuses": [ { "address": "{string}", "available_mem": 2825, "cpu_cores": 8, "current_processing_files": 24, "engines": [ { "active": true, "db_ver": "25050", "def_time": "2020-04-17T02:37:05.000Z", "download_time": "2020-04-17T04:32:05.000Z", "eng_name": "ClamAV", "eng_ver": "3.0-43", "engine_type": "av", "id": "clamav_1_linux", "issues": [] } ], "free_disk_space": 1739928, "id": "ecc114e4fc0bbb4f8382c881617b4480", "info_disk_space": [ { "dirs": [ "core_log_path", "data", "dlp", "installation", "nginx_log_path", "quarantine", "resource", "sanitized" ], "free": 1739928, "location": "C", "total": 500000878592 } ], "issues": [ { "description": "1 engines are not deployed to this Core", "severity": "warning" } ], "load": 14, "os": "Linux Mint 18.3 Sylvia", "scan_queue": 24, "scan_queue_details": { "archive_scan_queue_ratio": -1, "available_slots": -1, "extracted_file_slots": 50, "file_slots": 10, "total_scan_queue": -1 }, "total_disk_space": 500000878592, "total_mem": 40100, "total_scan_queue": -1, "uptime": 12791, "version": "5.15.1" } ]}Get health check status
Fetch current status of system health.
| verbose | boolean | Optional. Show detailed result of system health. |
curl --get \ --url 'http://localhost:8899/readyz' \ --data verbose=trueSystem is currently healthy.
| object | object | System readiness / health status. | |
| status | boolean | System-wide status, indicate if all components are healthy. | |
| scan | object | Scan queue status. | |
| number | integer | Number of objects being processed by the system. | |
| status | boolean | The operational status of the scan process; true if the system contains the required minimum of healthy MetaDefender Core instances. | |
| license | object | License status. | |
| status | string | License status. Enum: | |
| components | object | Core component statuses. | |
| status | boolean | Aggregate component status. | |
| datalake | object | DataLake status. | |
| status | boolean | DataLake overall status. | |
| detail | string | Status detail message | |
| caching | object | Caching status. | |
| status | boolean | Caching overall status. | |
| detail | string | Status detail message. | |
| broker | object | Broker status. | |
| status | boolean | Broker overall status. | |
| detail | string | Status detail message. | |
| filestorage | object | File storage status. | |
| status | boolean | File storage overall status. | |
| detail | string | Status detail message. | |
| identity | object | Identity service status. | |
| status | boolean | Identity service overall status. | |
| detail | string | Status detail message. | |
| ometascan | object | Status of MetaDefender Core instances | |
| status | boolean | MetaDefender Core overall status. | |
| detail | string | Detail message. | |
| instance | array[string] | List of instance status. | |
| callback | object | Webhook callback service status. | |
| status | boolean | Callback service overall status. | |
| instance | array[string] | List of instance status. |
Unexpected event on server
System is currently unhealthy.
{ "status": true, "scan_queue": { "number_in_queue": 42, "status": true }, "license": { "status": "ok" }, "components": { "status": true, "datalake": { "status": true, "detail": "Healthy" }, "caching": { "status": true, "detail": "Healthy" }, "broker": { "status": true, "detail": "Healthy" }, "filestorage": { "status": true, "detail": "Healthy" }, "identity": { "status": true, "detail": "Healthy" } }, "ometascan": { "status": true, "detail": "All MetaDefender Core instances healthy.", "instance": [ "8ff354cb076e154893dbf61734f3cf8e: Healthy", "a1b2c3d4e5f60718293a4b5c6d7e8f90: Healthy" ] }, "callback-service": { "status": true, "instance": [ "8a5a6bfaad1e4c0caf7da10785fa9e8a: Healthy" ] }}