Updated on 2026-04-03 GMT+08:00

Querying the Virus Scan Result List

Function

This API is used to query the virus scan result list.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

  • If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
  • If you are using identity policy-based authorization, no identity policy-based permission is required to call this API.

URI

GET /v5/{project_id}/antivirus/result

Table 1 Path Parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | Definition: Project ID, which is used to specify the project that an asset belongs to. After the project ID is configured, you can query assets in the project using the project ID. For details about how to obtain it, see Obtaining a Project ID. Constraints: N/A. Range: The value can contain 1 to 256 characters. Default Value: N/A. |

Table 2 Query Parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| enterprise_project_id | No | String | Definition: Enterprise project ID, which is used to filter assets in different enterprise projects. For details, see Obtaining an Enterprise Project ID. To query assets in all enterprise projects, set this parameter to all_granted_eps. Constraints: You need to set this parameter only after the enterprise project function is enabled. Range: The value can contain 1 to 256 characters. Default Value: 0 (default enterprise project). |
| offset | Yes | Integer | Definition: Offset, which specifies the start position of the record to be returned. Constraints: N/A. Range: The value range is 0 to 2,000,000. Default Value: N/A. |
| limit | Yes | Integer | Definition: Number of records displayed on each page. Constraints: N/A. Range: 10 to 200. Default Value: 10. |
| host_name | No | String | Definition: Server name. Constraints: N/A. Range: The value contains 1 to 256 characters. Default Value: N/A. |
| private_ip | No | String | Definition: Server private IP address. Constraints: N/A. Range: The value can contain 1 to 128 characters. Default Value: N/A. |
| public_ip | No | String | Definition: Server EIP. Constraints: N/A. Range: For IPv4, the value contains 7 to 15 characters. For IPv6, the value contains 15 to 39 characters. Default Value: None. |
| handle_status | No | String | Definition: Handling status. Constraints: N/A. Range: unhandled, handled. Default Value: N/A. |
| severity_list | No | Array of strings | Definition: Risk level. It has been deprecated. Constraints: N/A. Range: Threat level. The options are Low, Medium, High, and Critical. Default Value: N/A. |
| severities | No | String | Threat level. The options are Low, Medium, High, and Critical. |
| asset_value | No | String | Definition: Asset importance. Constraints: N/A. Range: important, common, test. Default Value: None. |
| malware_name | No | String | Definition: Virus name. Constraints: N/A. Range: The value can contain 1 to 128 characters. Default Value: N/A. |
| file_path | No | String | Definition: File path. Constraints: N/A. Range: The value contains 1 to 512 characters. Default Value: N/A. |
| file_hash | No | String | Definition: File hash. The current value is sha256. Constraints: The value must be a valid SHA-256 hash value. Range: The value contains 64 characters. Default Value: N/A. |
| task_name | No | String | Definition: Task. Constraints: N/A. Range: The value can contain 1 to 128 characters. Default Value: N/A. |
| manual_isolate | No | Boolean | Definition: Whether the manual isolation button is used. Constraints: N/A. Range: true (manual isolation is used) or false (manual isolation is not used). Default Value: N/A. |
| id_list | No | Array of strings | ID list. |
| file_hash_list | No | Array of strings | Hash list. |

Request Parameters

Table 3 Request header parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Auth-Token | Yes | String | Definition: User token, which contains user identity and permissions. The token can be used for identity authentication when an API is called. For details about how to obtain the token, see Obtaining a User Token. Constraints: N/A. Range: The value can contain 1 to 32,768 characters. Default Value: N/A. |

Response Parameters

Status code: 200

Table 4 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| total_num | Integer | Definition: Total number. Range: The value range is 0 to 2,147,483,647. |
| data_list | Array of AntiVirusResultResponseInfo objects | Definition: Virus scan result details list. Range: The value ranges from 0 to 1000. |

Table 5 AntiVirusResultResponseInfo

| Parameter | Type | Description |
|---|---|---|
| result_id | String | Definition: Virus scan and removal result ID. Range: The value can contain 1 to 64 characters. |
| malware_type | String | Definition: Virus type. Range: Trojan, Virus, Worm, etc. |
| malware_name | String | Definition: Virus name. Range: The value can contain 1 to 128 characters. |
| severity | String | Definition: Risk level. Range: Low, Medium, High, Critical. |
| task_id | String | Definition: Task ID. Range: The value can contain 1 to 64 characters. |
| task_name | String | Definition: Task. Range: Each tag value can contain a maximum of 255 Unicode characters. |
| file_info | ResultFileResponseInfo object | File information. |
| resource_info | ResultResourceResponseInfo object | Resource information. |
| event_type | Integer | Definition: Event type ID corresponding to the virus scan and removal result. Range: 0 to 10. (0 indicates a file virus event. 1 indicates a memory virus event. For more information, see the product error code or enumeration document.) |
| occur_time | Integer | Definition: Occurrence time, accurate to milliseconds. Range: The value ranges from 0 to 9223372036854775807. The time format is a timestamp (UTC time zone, starting from 1970-01-01 00:00:00), in milliseconds. |
| handle_status | String | Definition: Handling status. Range: unhandled, handled. |
| handle_method | String | Definition: Handling method. Range: mark_as_handled: Mark as handled; ignore: Ignore; add_to_alarm_whitelist: Add to alarm whitelist; isolate_and_kill: Isolate a file; unhandle: Cancel manual handling; do_not_ignore: Unignore; remove_from_alarm_whitelist: Remove from the alarm whitelist; do_not_isolate_or_kill: Cancel isolation of a file. |
| memo | String | Definition: Remarks. Range: The value can contain 0 to 512 characters. |
| operate_accept_list | Array of strings | Definition: Follow-up operation list. Range: The array elements are enumerated strings of operations (such as isolate_and_kill and ignore). The array length ranges from 0 to 4. (The supported operations vary according to the result status.) |
| operate_detail_list | Array of ResultDetailResponseInfo objects | Definition: Operation details list (not displayed on the page). Range: Array length: 0 to 100. |
| isolate_tag | String | Definition: Flag of automatic isolation and killing. Range: The value is a string of 1 to 16 characters. The enumerated values are auto_isolate (automatic isolation), manual (manual operation), and none (not isolated). |

Table 6 ResultFileResponseInfo

| Parameter | Type | Description |
|---|---|---|
| file_path | String | Definition: File path. Range: The value can contain 1 to 256 characters. |
| file_hash | String | Definition: File hash. Range: The value can contain 1 to 256 characters. |
| file_size | Integer | Definition: File size. Constraints: N/A. Range: The value range is 0 to 9,223,372,036,854,775,807. Default Value: N/A. |
| file_owner | String | Definition: File attribute. Range: The value contains 0 to 64 characters. |
| file_attr | String | Definition: System attributes of a file (such as read and write permissions, hidden attributes, and execution permissions). Range: The value can contain 1 to 256 characters. |
| file_ctime | Integer | Definition: File creation time. Range: Non-negative long integer. The time format is a digit timestamp (UTC time, starting from 1970-01-01 00:00:00), in milliseconds. |
| file_mtime | Integer | Definition: File update time. Range: Non-negative long integer. The time format is a digit timestamp (UTC time, starting from 1970-01-01 00:00:00), in milliseconds. |

Table 7 ResultResourceResponseInfo

| Parameter | Type | Description |
|---|---|---|
| host_name | String | Definition: Server name. Range: The value can contain 1 to 256 characters. |
| host_id | String | Definition: Unique ID of a server (host). Range: The value can contain 1 to 64 characters. |
| agent_id | String | Definition: Unique ID of the antivirus agent installed on a server, which is used to associate the server with the antivirus service. Constraints: N/A. Range: The value can contain 1 to 64 characters. Default Value: N/A. |
| private_ip | String | Definition: Server private IP address. Range: The value can contain 1 to 128 characters. |
| public_ip | String | Definition: Elastic IP Address (EIP). Range: The value is a string of 1 to 256 characters and can be an IPv4 or IPv6 address. (An IPv4 address can contain 7 to 15 characters. An IPv6 address can contain 15 to 39 characters.) |
| os_type | String | Definition: OS type. Range: Linux, Windows. |
| host_status | String | Definition: Server status. Range: ACTIVE: running; SHUTOFF: shut down; BUILDING: creating; ERROR: faulty. |
| agent_status | String | Definition: Agent status. Range: installed, not_installed, online, offline, install_failed, installing. |
| protect_status | String | Definition: Protection status. Range: closed: not protected; opened: protected. |
| asset_value | String | Definition: Asset importance. Range: important, common, test. |
| os_name | String | Definition: OS name. Range: The value can contain 0 to 128 characters. |
| os_version | String | Definition: OS version. Range: The value can contain 0 to 64 characters. |

Table 8 ResultDetailResponseInfo

| Parameter | Type | Description |
|---|---|---|
| keyword | String | Definition: Alarm event keyword, which is used only for the alarm whitelist. Range: The value can contain 0 to 128 characters. |
| hash | String | Definition: Alarm event hash, which is used only for the alarm whitelist. Range: The value contains 64 characters (SHA-256 hash). |

Example Requests

None
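
The page gives no request example. The following Python sketch is an added example, not code from the service's documentation: it builds the request URL while enforcing the ranges in Tables 1 and 2 and pages through the result list. The host `hss.example.invalid` and the caller-supplied `fetch` function are placeholders, and advancing offset by limit assumes that offset counts records, as the parameter description states.

```python
import re
from urllib.parse import quote, urlencode

# Placeholder host: the page names no endpoint; substitute your region's endpoint.
ENDPOINT = "https://hss.example.invalid"
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")


def build_url(project_id, offset, limit=10, **filters):
    """Build the GET URL, rejecting values outside the ranges in Tables 1 and 2."""
    if not 1 <= len(project_id) <= 256:
        raise ValueError("project_id: 1 to 256 characters")
    if not 0 <= offset <= 2_000_000:
        raise ValueError("offset: 0 to 2,000,000")
    if not 10 <= limit <= 200:
        raise ValueError("limit: 10 to 200")
    if filters.get("handle_status") not in (None, "unhandled", "handled"):
        raise ValueError("handle_status: unhandled or handled")
    file_hash = filters.get("file_hash")
    if file_hash is not None and not SHA256_RE.fullmatch(file_hash):
        raise ValueError("file_hash: 64-character SHA-256 value")
    query = urlencode({"offset": offset, "limit": limit, **filters})
    # quote() keeps a malformed project_id from altering the request path.
    return f"{ENDPOINT}/v5/{quote(project_id, safe='')}/antivirus/result?{query}"


def iter_results(fetch, project_id, limit=200, **filters):
    """Yield every record by advancing offset until total_num is reached.

    fetch(url) -> dict is a caller-supplied (hypothetical) function that sends
    the request with the X-Auth-Token header and returns the decoded JSON body,
    so the token never passes through this code or into a URL.
    """
    offset = 0
    while offset <= 2_000_000:
        page = fetch(build_url(project_id, offset, limit, **filters))
        rows = page.get("data_list", [])
        yield from rows
        offset += limit
        # Stop on an empty page as well, in case total_num changes mid-scan.
        if not rows or offset >= page.get("total_num", 0):
            break
```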

Example Responses

Status code: 200

Virus scan and removal result list

{
  "total_num" : 3849,
  "data_list" : [ {
    "result_id" : "f989**25-b3a4-4d88-b05a-cc***cd1205",
    "malware_type" : "Trojan",
    "malware_name" : "Linux.Trojan.Ircbot",
    "severity" : "High",
    "task_id" : "cc****7a-bf3c-4b6a-9f77-32857****5504",
    "task_name" : "Custom Scan-20250121211946",
    "file_info" : {
      "file_path" : "/root/Malware_Samples/IRC-Robot/a87b13391818*****5466b66363ea4d*******f2d3e30448d6930ab722b5",
      "file_hash" : "a87****80203c5466b66363ea4d5****5400f2d3e30448d6930ab722b5",
      "file_size" : 5028448,
      "file_owner" : "root",
      "file_attr" : "-rw-r--r--",
      "file_ctime" : 1737030295,
      "file_mtime" : 1700805582
    },
    "resource_info" : {
      "host_name" : "h00657476-linux",
      "host_id" : "b4****be-4c28-4bf3-8070-fde***c6689",
      "agent_id" : "50a1154572*****f934415cdd6817af90a905c5****951a2265003df8e9",
      "private_ip" : "192.168.0.**",
      "public_ip" : "100.93.10.***",
      "os_type" : "Linux",
      "host_status" : "ACTIVE",
      "agent_status" : "online",
      "protect_status" : "opened",
      "asset_value" : "common",
      "os_name" : "HCE OS",
      "os_version" : "2.0"
    },
    "event_type" : 1004,
    "occur_time" : 1737465650731,
    "handle_status" : "unhandled",
    "operate_accept_list" : [ "mark_as_handled", "ignore", "add_to_alarm_whitelist", "manual_isolate_and_kill" ],
    "operate_detail_list" : [ {
      "keyword" : "a87b1339181880203c5******95400f2d3e30448d6930ab722b5",
      "hash" : "a87b1339181880203c5466b66363ea4d54*****d3e30448d6930ab722b5"
    } ]
  } ]
}
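
An added example (not part of the original reference) of how a monitoring job might triage a response of this shape: it keeps unhandled findings at or above a severity threshold and normalises timestamps. The sample body is constructed; the seconds-versus-milliseconds heuristic and the `event_type_documented` flag are assumptions prompted by the example above, where file_ctime has 10 digits and event_type is 1004 although the tables document milliseconds and 0 to 10.

```python
from datetime import datetime, timezone

RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

# Constructed sample shaped like the example response (IDs, path and hash are made up).
SAMPLE = {"total_num": 2, "data_list": [
    {"result_id": "r-1", "malware_name": "Linux.Trojan.Ircbot", "severity": "High",
     "handle_status": "unhandled", "event_type": 1004, "occur_time": 1737465650731,
     "operate_accept_list": ["mark_as_handled", "ignore", "add_to_alarm_whitelist"],
     "file_info": {"file_path": "/tmp/sample.bin", "file_hash": "ab" * 32,
                   "file_ctime": 1737030295},
     "resource_info": {"host_name": "web-01", "asset_value": "important"}},
    {"result_id": "r-2", "malware_name": "Constructed.Test", "severity": "Low",
     "handle_status": "handled", "event_type": 0, "occur_time": 1737465000000,
     "operate_accept_list": [], "file_info": {}, "resource_info": {"host_name": "dev-02"}},
]}


def to_utc(ts):
    """Epoch value to ISO 8601 UTC. Assumption: values below 10**11 are seconds
    (file_ctime in the page's example has 10 digits), larger ones milliseconds."""
    seconds = ts if ts < 10**11 else ts / 1000
    return datetime.fromtimestamp(seconds, tz=timezone.utc).isoformat(timespec="seconds")


def triage(body, min_severity="High"):
    """Return unhandled findings at or above min_severity, most severe first."""
    findings = []
    for rec in body.get("data_list", []):
        # An unrecognised severity ranks -1 so it is kept and sorted first, not dropped.
        rank = RANK.get(rec.get("severity"), -1)
        if rec.get("handle_status") != "unhandled" or rank > RANK[min_severity]:
            continue
        info, host = rec.get("file_info") or {}, rec.get("resource_info") or {}
        findings.append({
            "rank": rank, "result_id": rec.get("result_id"),
            "severity": rec.get("severity"), "malware": rec.get("malware_name"),
            "host": host.get("host_name"), "asset_value": host.get("asset_value"),
            "path": info.get("file_path"), "sha256": info.get("file_hash"),
            "seen_utc": to_utc(rec["occur_time"]) if "occur_time" in rec else None,
            # Tables document 0 to 10; flag anything else for review instead of failing.
            "event_type_documented": rec.get("event_type") in range(11),
            "actions": rec.get("operate_accept_list", []),
        })
    return sorted(findings, key=lambda f: f["rank"])
```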

Status Codes

| Status Code | Description |
|---|---|
| 200 | Virus scan and removal result list |

Error Codes

See Error Codes.