All Products
Search
Document Center

Security Center:ListCompressFileDetectResult

Last Updated:Nov 25, 2024

Queries the detection results of the files extracted from a package.

Operation description

You can call this operation to query the detection results of files only if the files are pushed to the cloud for detection and in the form of packages. You can repeatedly query the detection results of files within 5 hours because the results are retained for 5 hours. For more information about how to push a file to the cloud for detection, see the CreateFileDetect operation. For more information about how to query file detection results, see the GetFileDetectResult operation.

The HashKey parameter is included in all API operations that are related to the file detection feature. The parameter specifies the unique identifier of a file. Only hexadecimal MD5 hash values of complete file content are supported. You must calculate the required MD5 hash value before you call this operation.

To calculate the hexadecimal MD5 hash value for a file, you can perform the following steps:

1. Use the MD5 algorithm to encrypt data and generate a 128-bit hash value. You can use a tool such as MessageDigest for Java and the hashlib module for Python.

2. Convert the hash value to a hexadecimal string. You can use a tool such as Codec for Java and the hex() function for Python.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
yundun-sas:ListCompressFileDetectResultlist
*All Resources
*
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
SourceIpstringNo

The source IP address of the request.

27.9.XX.XX
HashKeystringNo

The identifier of the file. Only MD5 hash values are supported.

0a212417e65c26ff133cfff28f6c****
CurrentPageintegerYes

The page number. Default value: 1.

1
PageSizeintegerYes

The number of entries per page. Default value: 20.

20

Response parameters

ParameterTypeDescriptionExample
object
RequestIdstring

The request ID.

E10BAF1C-A6C5-51E2-866C-76D5922E****
PageInfoobject

The pagination information.

CurrentPageinteger

The page number.

1
PageSizeinteger

The number of entries per page.

20
TotalCountinteger

The total number of entries returned.

55
ResultListarray<object>

The detection results of files.

ResultListobject

The detection results of the file.

HashKeystring

The identifier of the file.

0a212417e65c26ff133cfff28f6c****
Resultinteger

The file detection result. Valid values:

  • 0: The file is normal.
  • 1: The file is suspicious.
  • 3: The detection is in progress.
0
Scoreinteger

The score of the file detection result. The following list describes mappings between the score ranges and risk levels:

  • 0 to 60: normal
  • 61 to 70: risky
  • 71 to 80: suspicious
  • 81 to 100: malicious
Note A higher score indicates a more suspicious file.
100
VirusTypestring

The type of the virus. Valid values:

  • Trojan: self-mutating trojan
  • WebShell: webshell
  • Backdoor: backdoor program
  • RansomWare: ransomware
  • Scanner: scanner
  • Stealer: tool that is used to steal information
  • Malbaseware: tainted basic software
  • Hacktool: attacker tool
  • Engtest: engine test program
  • Downloader: trojan downloader
  • Virus: infectious virus
  • Miner: mining program
  • Worm: worm
  • DDoS: DDoS trojan
  • Malware: malicious program
  • Backdoor: reverse shell
  • RiskWare: software that has risks
  • Proxytool: proxy
  • Suspicious: suspicious program
  • MalScript: malicious script
  • Rootkit: rootkit
  • Exploit: exploit
WebShell
Extstring

The extended information about the file detection result.

{ "HighLight": [ [ 23245, 23212 ] ], "FileLabel": [ "PE32", "Zip", "SFX", "encrypted" ] }
Pathstring

The path to the file within the package.

/root/1.zip/test****

Examples

Sample success responses

JSONformat

{
  "RequestId": "E10BAF1C-A6C5-51E2-866C-76D5922E****",
  "PageInfo": {
    "CurrentPage": 1,
    "PageSize": 20,
    "TotalCount": 55
  },
  "ResultList": [
    {
      "HashKey": "0a212417e65c26ff133cfff28f6c****",
      "Result": 0,
      "Score": 100,
      "VirusType": "WebShell",
      "Ext": "{\n    \"HighLight\":\n    [\n        [\n            23245,\n            23212\n        ]\n    ],\n    \"FileLabel\":\n    [\n        \"PE32\",\n        \"Zip\",\n        \"SFX\",\n        \"encrypted\"\n    ]\n}",
      "Path": "/root/1.zip/test****"
    }
  ]
}

Error codes

HTTP status codeError codeError messageDescription
400RequestTooFrequentlyRequest too frequently, please try again later-
400GetResultFailGet result fail, found no detect record for this file or result has been expired-
400InvalidApiDetectTypeUnsupported Api Detect Type.The file type is not supported.
403NoPermissioncaller has no permissionYou are not authorized to do this operation.
500ServerErrorServerError-
500SystemBusySystem busy, please try again later.-

For a list of error codes, visit the Service error codes.