Virusdie file scan and cleanup API #

Using the file scan and cleanup API, you can scan files for malware and suspicious code by sending a request with the uploaded file. It can clean files of redirects, trojans, shell scripts, backdoors and malicious code very accurately, in the same way as Virusdie Antivirus (https://virusdie.com/faq/antivirus/).

By using this API you can:

2018-10-16

API requests format #

Send HTTP requests to the server filescan.virusdie.com. A common request format is:

(GET|POST) /<method>/[param1/paramN][?query]

For the filescan and cleanup methods:
Raw file contents should be sent as is in the request body, without any encoding.
A valid Content-Length request header should be set to the file size.
The maximum allowed size of a scanned file is 512Kb.
If any error occurs in cleanup, the service will respond with the corresponding HTTP status code and a basic error description.

Authorization #

You should use your personal API key to authorize every request.
The API key should be sent in the Cookie header as Cookie: apikey=Your_API_key.

Common response format #

In response to each request, a JSON object is returned in the format below:

{
version:    str  The version of the system,
keyid:      str  Authorization public key ID,
method:     str  The value of 'method' parameter in a request,
timewait:   int  Time of query execution, msec,
error:      int  Error code or 0. More in a section [Common System Errors],
message:    str  Error message, if any,
errorinfo:  str  Additional information on the causes of the error, if any,
result:     mix  Response to the request (the format depends on the requested method),
}

The format of the .result field depends on the specific method (parameter method). See Methods List.

Common System Errors #

The HTTP response status code will always be 200.

The error code is returned in the .error field of the response.

A value of 0 means that there were no critical errors and you can process the .result field.

Otherwise (.error is not 0) you should not process the .result field.

In the .message field, a text message is sent about the error that occurred.

In the .errorinfo field, additional information about the causes of the error can be transmitted.

List of system-wide errors:

Errors specific for each method are described in the appropriate subsections of the Methods List.

Methods List #

File scanning #

You can POST any file to /filescan/ to get information about all threats found in that file:

POST /filescan/? [more] [&filetype=<FileType>] HTTP/1.1
Content-Length: <File size>

<Raw file contents>

Response.result #

The response.result will contain information about all threats found in the uploaded file.
Threats could be Incurable or Curable. The verdict status could be Suspicious or Malicious.
It is a JSON encoded array described below:

[
  ["Threat ID", "Threat name", Threat is Incurable, This is Suspicious, "Code fragment", Offset, Length],
  ...
]

The Code fragment, Offset and Length can be empty. This means the whole file is a standalone malicious (shell) script which could be deleted completely.

Response.result example #

[
  [ "12", "Shell.WSO",      0, 0, "", 0, 0 ],
  [ "34", "SEO.Redirect.1", 1, 1, "Base64code...", 20, 200 ]
]
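The following added example (not part of the Virusdie documentation) parses a filescan response while honouring the rule that .result is only processed when .error is 0. The envelope values, the triage policy and the reading of "This is Suspicious" = 0 as a Malicious verdict are assumptions; the two result rows are the page's example.

```python
import json
from typing import NamedTuple

class ApiError(Exception):
    """Raised when .error is non-zero, so .result is never processed."""

class Threat(NamedTuple):
    threat_id: str
    name: str
    incurable: bool
    suspicious: bool  # False is assumed to mean the verdict is Malicious
    fragment: str
    offset: int
    length: int

    @property
    def whole_file(self) -> bool:
        # Empty fragment, offset and length: the file itself is the threat.
        return not (self.fragment or self.offset or self.length)

def parse_filescan(body: str) -> list:
    env = json.loads(body)
    # HTTP status is always 200, so .error is the only failure signal.
    # A missing .error is treated as a failure too (fail closed).
    if env.get("error") != 0:
        raise ApiError(f"{env.get('error')}: {env.get('message')} ({env.get('errorinfo')})")
    threats = []
    for row in env.get("result") or []:
        if len(row) != 7:
            raise ValueError(f"unexpected threat row: {row!r}")
        tid, name, incurable, suspicious, frag, off, length = row
        threats.append(Threat(str(tid), str(name), bool(incurable), bool(suspicious),
                              frag or "", int(off or 0), int(length or 0)))
    return threats

def triage(threats) -> str:
    # Hypothetical local policy, not something the API defines.
    if not threats:
        return "clean"
    if any(t.whole_file for t in threats):
        return "delete"
    return "manual-review" if any(t.incurable for t in threats) else "cleanup"

# Constructed envelopes: result rows are the page's example, other values are made up.
SAMPLE_OK = json.dumps({"version": "0", "method": "filescan", "error": 0, "result": [
    ["12", "Shell.WSO", 0, 0, "", 0, 0],
    ["34", "SEO.Redirect.1", 1, 1, "Base64code...", 20, 200]]})
SAMPLE_ERR = json.dumps({"method": "filescan", "error": 1, "message": "constructed error",
                         "errorinfo": "", "result": None})
```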

File cleanup #

You can POST any file to /cleanup/ to get the cleaned version of the uploaded file.
The cleaned file will be sent as the response body immediately.
You should provide the token returned by the token_create endpoint.

POST /cleanup/? [token=<Token>] [&filetype=<FileType>] HTTP/1.1
Content-Length: <File size>

<Raw file contents>

Token verification can be disabled for some API keys. The token argument is not required for such keys.

Response #

The response body will contain the cleaned or partly cleaned (if there is some Incurable code) version of the uploaded file.
If no threats are found or removed, the original file will be returned as is.
If the response is empty, the whole file is a standalone malicious (shell) script which could be deleted completely.

Create the cleanup token #

The cleanup endpoint requires the &token argument. You can create it by calling the /token_create/ endpoint:

GET /token_create/?files=<Files count> HTTP/1.1

Response.result (token data) #

The created token will be sent in response.result as a JSON encoded object:

{
  "token": "str",
  "created": int,
  "expires": int,
  "files": int,
  "uploaded": int
}

This is the common token data format; it is also used by the token_status and token_delete methods.
Tokens expire in 30 minutes.

Response.result (token data) example #

GET /token_create/?files=10

{
  "token": "UvtVD37Dfh9oGc7GT37819hs9L233KUr",
  "created": 1500000000,
  "expires": 1500001800,
  "files": 10,
  "uploaded": 0
}

Delete the cleanup token #

Call the /token_delete/ endpoint to delete the token:

GET /token_delete/?token=<Token> HTTP/1.1

Response.result #

For existing tokens, the token data will be returned in the same format as in token_create.
For nonexistent tokens, no error will occur and null will be returned in response.result.

Show the cleanup token data #

Call the /token_status/ endpoint to get the full information about any token:

GET /token_status/?token=<Token> HTTP/1.1

Response.result #

The token data will be returned in the same format as in token_create.
If the token does not exist, null will be returned in response.result.
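The following added example (not part of the Virusdie documentation) ties the token and cleanup sections together: it checks a token before use, builds the cleanup request without sending it, and decides what to do with the response body. The https scheme, reading 512Kb as 512 * 1024 bytes, treating `uploaded` as a count against the `files` quota, and 200 as the success status are assumptions.

```python
import urllib.parse
import urllib.request

BASE = "https://filescan.virusdie.com"  # scheme assumed; the page gives only the host
MAX_SIZE = 512 * 1024                   # "512Kb" read as 512 * 1024 bytes (assumption)

def token_usable(token, now: int) -> bool:
    # token is the token data object, or None when token_status returned null.
    # Assumes 'uploaded' counts files already sent against the 'files' quota.
    return bool(token) and now < token["expires"] and token["uploaded"] < token["files"]

def build_cleanup_request(api_key: str, token: str, data: bytes, filetype=None):
    if len(data) > MAX_SIZE:
        raise ValueError("file exceeds the 512Kb scan limit")
    query = {"token": token}
    if filetype:
        query["filetype"] = filetype
    url = f"{BASE}/cleanup/?{urllib.parse.urlencode(query)}"
    headers = {"Cookie": f"apikey={api_key}", "Content-Length": str(len(data))}
    # Raw bytes go in the body as is, without any encoding.
    return urllib.request.Request(url, data=data, headers=headers, method="POST")

def apply_cleanup(status: int, original: bytes, body: bytes):
    # cleanup reports failures through the HTTP status with an error description
    # in the body, so a non-200 body must never be written over the file.
    if status != 200:
        return ("error", original)
    if body == original:
        return ("unchanged", original)
    if body == b"":
        return ("delete", None)  # whole file is a standalone malicious script
    return ("cleaned", body)
```

A "cleaned" result may still be only partly cleaned when Incurable code remains, so rescanning the returned body with /filescan/ before restoring it is a sensible follow-up.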

 

