
Scan result format

A JSON object containing information about the scan. Specifically, it includes:

  • timestamp: A unique number that corresponds to the time when the scan result is published.
  • sqs_message_id: The SQS message ID of this event. AWS scanner only.
  • xamz_request_id: The request ID of S3. AWS scanner only.
  • file_url: The URL to the scanned file in AWS S3, Azure Blob or GCP Cloud Storage.
  • file_name: The scanned file name. AWS scanner only.
  • scan_start_timestamp: A unique number that corresponds to the time when the scan started.
  • scanner_status and scanner_status_message:

    This pairing has the following values:

    • 0, "successful scan": Indicates that the scan finished successfully.
    • -1, "invalid license status": Usually indicates that File Storage Security is not fully configured. The most likely reason for an incomplete deployment is that ARNs have not yet been submitted through the File Storage Security console or API. For instructions on submitting the ARNs, see Add Stacks or Deploy stacks using the API. This message could also indicate that your license is not valid, or that File Storage Security was not able to push a new license to your stack.
    • -2, "unsuccessful scan": Indicates that the ScannerLambda function was unable to scan the file.
    • -3, "scanner error": Indicates that an internal error occurred in the ScannerLambda function.
    • -4, "unsuccessful scanner invocation": Indicates that the ScannerLambda function couldn't finish the scan. Either the scan timeout was reached, or there were too many files to scan causing a Lambda throttling error.
  • scanning_result: Indicates scan details such as the scanned file's size as well as any found malware or errors.

    • Findings: List of scan findings that indicate the issues of the file.
    • Error: Detailed error message when scanner_status is -2.
    • Codes: List of status codes that indicate the details of the scan.
      • 100~199: Some scans are skipped due to existing parameters. Contact support if you need assistance.
  • file_attributes: Indicates information associated with a file.

    • etag: A unique identifier assigned to each object stored in cloud storage services. AWS and GCP scanner only.
    • checksums:
      • crc32c: A CRC32C checksum assigned to each object stored in a GCP Cloud Storage bucket. GCP scanner only.

Examples

Below are some examples of scanner result messages in SNS.

The first example shows a message indicating a successful scan that found spyware:

{
    "timestamp": 1587969985.4258394,
    "sqs_message_id": "ed985230-e3ba-4cc3-b92e-40ed17403c32",
    "xamz_request_id": "",
    "file_url": "https://some-bucket.s3.us-west-2.amazonaws.com/eicar.txt",
    "file_name": "eicar.txt",
    "file_attributes": {
        "etag": "e4968ef99266df7c9a1f0637d2389dab"
    },
    "scan_start_timestamp": 1587967985.3261893,
    "scanner_status": 0,
    "scanner_status_message": "successful scan",
    "scanning_result": {
        "TotalBytesOfFile": 68,
        "Findings": [
            {
                "malware": "Eicar_test_file",
                "type": "Virus"
            }
        ],
        "Error": "",
        "Codes": []
    }
}

The second example shows a message indicating a successful scan that didn't find any known malware.

{
    "timestamp": 1601002001.7012062,
    "sqs_message_id": "7523b040-4807-ac2d-a452-d27c8c509b6f",
    "xamz_request_id": "",
    "file_url": "https://some-bucket.s3.us-west-2.amazonaws.com/sample.pdf",
    "file_name": "sample.pdf",
    "file_attributes": {
        "etag": "78f1435a3c0b5f5e56c654aef69f12bf"
    },
    "scan_start_timestamp": 1587967985.3261893,
    "scanner_status": 0,
    "scanner_status_message": "successful scan",
    "scanning_result": {
        "TotalBytesOfFile": 17346,
        "Findings": [],
        "Error": "",
        "Codes": []
    }
}

The next example shows a message indicating an unsuccessful scan with the error invalid license status. The Error field carries a brief error message.

{
    "timestamp": 1589541828.884077,
    "sqs_message_id": "43e35b29-899e-458a-8856-2dc1ed28f4e2",
    "xamz_request_id": "",
    "file_url": "https://some-bucket.s3.us-west-2.amazonaws.com/sample.txt",
    "file_name": "sample.pdf",
    "file_attributes": {
        "etag": "8b15e201cc045f7cc36003e231f9a931"
    },
    "scan_start_timestamp": 1587967985.3261893,
    "scanner_status": -1,
    "scanner_status_message": "invalid license status",
    "scanning_result": {
        "Error": "failed to verify license: invalid jwt"
    }
}
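
A consumer of these messages has to decide what each one means for the file it describes. The following is an added example, not part of the product documentation, that triages a message and fails closed on anything other than a clean, complete scan. The `triage` function and its verdict names are hypothetical, `Codes` entries are assumed to be integers, and the sample messages are constructed from the shapes shown above.

```python
import json

def triage(message: str) -> dict:
    """Map one scan result message to a verdict (verdict names are hypothetical)."""
    try:
        result = json.loads(message)
    except json.JSONDecodeError as exc:
        return {"verdict": "unparseable", "reason": str(exc)}
    if not isinstance(result, dict):
        return {"verdict": "unparseable", "reason": "not a JSON object"}
    out = {"file_url": result.get("file_url", "")}
    status = result.get("scanner_status")
    scanning = result.get("scanning_result") or {}
    if status != 0:
        # Fail closed: a non-zero status means the file was not scanned,
        # so an empty or missing Findings list says nothing about the file.
        reason = (scanning.get("Error")
                  or result.get("scanner_status_message")
                  or "unknown status")
        return {**out, "verdict": "not_scanned", "status": status, "reason": reason}
    findings = scanning.get("Findings") or []
    if findings:
        names = [f.get("malware", "unknown") for f in findings]
        return {**out, "verdict": "malicious", "malware": names}
    # Codes 100-199 mean some scans were skipped (assumed to be integers here),
    # so "no findings" is weaker evidence than for a complete scan.
    skipped = [c for c in scanning.get("Codes") or []
               if isinstance(c, int) and 100 <= c <= 199]
    if skipped:
        return {**out, "verdict": "partially_scanned", "codes": skipped}
    return {**out, "verdict": "clean"}

# Constructed sample messages, trimmed to the fields the triage reads.
URL = "https://some-bucket.s3.us-west-2.amazonaws.com/"
SAMPLES = [
    json.dumps({"file_url": URL + "eicar.txt", "scanner_status": 0, "scanning_result": {
        "Findings": [{"malware": "Eicar_test_file", "type": "Virus"}], "Codes": []}}),
    json.dumps({"file_url": URL + "sample.pdf", "scanner_status": 0,
                "scanning_result": {"Findings": [], "Error": "", "Codes": []}}),
    json.dumps({"file_url": URL + "sample.txt", "scanner_status": -1,
                "scanner_status_message": "invalid license status",
                "scanning_result": {"Error": "failed to verify license: invalid jwt"}}),
    json.dumps({"file_url": URL + "big.zip", "scanner_status": 0,
                "scanning_result": {"Findings": [], "Error": "", "Codes": [101]}}),
    '{"scanner_status": 0',  # truncated message
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw))
```

Only the `clean` verdict should release a file to downstream consumers; `not_scanned`, `partially_scanned` and `unparseable` are candidates for quarantine or a rescan.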