Scan result format

A JSON object containing information about the scan. Specifically, it includes:

  • timestamp: A unique number that corresponds to the time when the scan occurred.
  • sqs_message_id: The unique ID of this event.
  • xamz_request_id: The S3 request ID. Coming soon; currently always an empty string.
  • file_url: The URL to the scanned file in S3.
  • scanner_status and scanner_status_message:

    This pairing has the following values:

    • 0, "successful scan": Indicates that the scan finished successfully.
    • -1, "invalid license status": Usually indicates that File Storage Security is not fully configured. The most likely reason for an incomplete deployment is that ARNs have not yet been submitted through the File Storage Security console or API. For instructions on submitting the ARNs, see Add Stacks or Deploy stacks using the API. This message could also indicate that your license is not valid, or that File Storage Security was not able to push a new license to your stack.
    • -2, "unsuccessful scan": Indicates that the ScannerLambda function was unable to scan the file.
    • -3, "scanner error": Indicates that an internal error occurred in the ScannerLambda function.
    • -4, "unsuccessful scanner invocation": Indicates that the ScannerLambda function couldn't finish the scan. Either the scan timeout was reached, or there were too many files to scan, causing a Lambda throttling error.
  • scanning_result: Indicates scan details such as the scanned file's size as well as any found malware or errors.

    • Findings: List of scan findings that describe the issues found in the file.
    • Error: Detailed error message when scanner_status is -2.
    • Codes: List of status codes that indicate the details of the scan.
      • 100~199: Some scans are skipped due to existing parameters. Contact support if you need assistance.

Examples

Below are some examples of scanner result messages in SNS.

The first example shows a message indicating a successful scan that found spyware:

{
    "timestamp": 1587969985.4258394,
    "sqs_message_id": "ed985230-e3ba-4cc3-b92e-40ed17403c32",
    "xamz_request_id": "",
    "file_url": "https://some-bucket.s3.us-west-2.amazonaws.com/eicar.txt",
    "scanner_status": 0,
    "scanner_status_message": "successful scan",
    "scanning_result": {
        "TotalBytesOfFile": 68,
        "Findings": [
            {
                "malware": "Eicar_test_file",
                "type": "Virus"
            }
        ],
        "Error": "",
        "Codes": []
    }
}

The second example shows a message indicating a successful scan that didn't find any known malware.

{
    "timestamp": 1601002001.7012062,
    "sqs_message_id": "7523b040-4807-ac2d-a452-d27c8c509b6f",
    "xamz_request_id": "",
    "file_url": "https://some-bucket.s3.us-west-2.amazonaws.com/sample.pdf",
    "scanner_status": 0,
    "scanner_status_message": "successful scan",
    "scanning_result": {
        "TotalBytesOfFile": 17346,
        "Findings": [],
        "Error": "",
        "Codes": []
    }
}

The next example shows a message indicating an unsuccessful scan with the error invalid license status. The Error field carries a brief error message:

{
    "timestamp": 1589541828.884077,
    "sqs_message_id": "43e35b29-899e-458a-8856-2dc1ed28f4e2",
    "xamz_request_id": "",
    "file_url": "https://some-bucket.s3.us-west-2.amazonaws.com/sample.txt",
    "scanner_status": -1,
    "scanner_status_message": "invalid license status",
    "scanning_result": {
        "Error": "failed to verify license: invalid jwt"
    }
}
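
The following Python sketch is an added example, not part of the product or its documentation. It shows one way a consumer of these messages could triage them so that only a fully scanned file with no findings is released. The verdict names, the release policy, and the constructed sample (including code value 100) are assumptions.

```python
import json

# Status values and messages as listed in the format description on this page.
STATUS_MESSAGES = {0: "successful scan", -1: "invalid license status",
                   -2: "unsuccessful scan", -3: "scanner error",
                   -4: "unsuccessful scanner invocation"}

# Constructed sample: status 0, no findings, but a code in the 100-199 range.
# The code value 100, the message ID and the file name are made up.
SAMPLE_SKIPPED = json.dumps({
    "timestamp": 1601002001.7, "sqs_message_id": "constructed-id",
    "xamz_request_id": "",
    "file_url": "https://some-bucket.s3.us-west-2.amazonaws.com/big.zip",
    "scanner_status": 0, "scanner_status_message": "successful scan",
    "scanning_result": {"TotalBytesOfFile": 1, "Findings": [],
                        "Error": "", "Codes": [100]},
})


def triage(raw_message):
    """Classify one scan result; only a fully scanned, finding-free file is released."""
    try:
        msg = json.loads(raw_message)
    except (TypeError, ValueError) as exc:
        return {"verdict": "unparseable", "release": False, "reason": str(exc)}
    if not isinstance(msg, dict):
        return {"verdict": "unparseable", "release": False, "reason": "not an object"}
    out = {"file_url": msg.get("file_url", ""), "release": False}
    status = msg.get("scanner_status")
    result = msg.get("scanning_result")
    result = result if isinstance(result, dict) else {}
    if type(status) is not int or status not in STATUS_MESSAGES:
        return {**out, "verdict": "unknown_status", "reason": repr(status)}
    if status != 0:
        # -1 to -4: the file was not scanned, so it must not be treated as clean.
        reason = result.get("Error") or STATUS_MESSAGES[status]
        return {**out, "verdict": "scan_failed", "reason": reason}
    findings = result.get("Findings") or []
    if findings:
        names = [f"{f.get('malware')} ({f.get('type')})"
                 for f in findings if isinstance(f, dict)]
        return {**out, "verdict": "malicious", "reason": ", ".join(names)}
    skipped = [c for c in result.get("Codes") or []
               if type(c) is int and 100 <= c <= 199]
    if skipped:
        # Status 0 with a 100-199 code: some scans were skipped.
        return {**out, "verdict": "partially_scanned", "reason": f"codes {skipped}"}
    return {**out, "verdict": "clean", "release": True, "reason": ""}
```

Calling triage(SAMPLE_SKIPPED) returns the verdict "partially_scanned" with release set to False, even though scanner_status is 0 and Findings is empty.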