Request Parameters
Parameter
|
Description
|
Mandatory
|
id
|
Identifier of a group to get information on Quarantine objects on stations of this group
|
yes
|
from
|
The start of requested period, during which objects are moved to Quarantine
|
no
|
till
|
The end of requested period, during which objects are moved to Quarantine
|
no
|
page
|
The page number in paged view (may be used to display information about the large number of stations)
|
no
|
per-page
|
Number of stations per one page in paged view (may be used to display information about the large number of stations)
|
no
|
Request Example
http://192.168.1.1:9080/api/groups/quarantine-objects.ds?id=30cc7eb2-d11d-b211-b695-b80815e63511&from=20140401&till=20140701&page=1&per-page=3
Response Documents Structure
•XML response. •JSON response. XML Response Structure
<drweb-avdesk-api api_version="4.1.3" timestamp="1401790982" server="192.168.1.1" srv_version="10.01.0.201707130" status="true">
<group-quarantine items="3" period_from="1396310400" period_till="1404172800">
<item>
<created-time>1401790974</created-time>
<component>11</component>
<file size="860362">C:\Users\tests\Desktop\Virs_Samples\Virs\Win32.Parite.2\postcard.gif.ex#</file><hash>93FC956E0BCA1955908ED642BF116315A33F6CF7F33A0B9AFB6F24B8ED4944B1</hash>
<owner>tests-pc\tests:tests-pc\None</owner>
<virus-info>IRC.Flood</virus-info>
<object>F295C676AC8A40C5C63A7D4E92F2E7A2A885245A834D2157BAF85798138FD7F6</object>
<q-time>1401818448</q-time>
<infection-type>1</infection-type>
</item>
<!-- etc. Skipped in documentation -->
</group-quarantine>
<pages total="2" current="1" objects-per-page="3"/>
</drweb-avdesk-api>
|
Description of XML Response Parameters
•The <group-quarantine /> element contains information on objects in the Quarantine on stations of specified group. The <group-quarantine /> element attributes:
Attribute
|
Description
|
items
|
Total number of objects in Quarantine on all stations of specified group
|
period_from
|
The start of requested period, during which objects are moved to Quarantine
|
period_till
|
The end of requested period, during which objects are moved to Quarantine
|
▫The <item /> element contains information on specific object in the Quarantine. ▪The <station /> element contains information on specific stations of specified group. The <station /> element attributes
Attribute
|
Description
|
id
|
Identifier of a station information about Quarantine of which is presented in this <item /> section
|
The <station /> element value contains the name of a stations information about Quarantine of which is presented in this section.
▪The <created-time /> element value contains the time when the object was added to the Quarantine at the Server. ▪The <component /> element contains the code of components which moved the object to the Quarantine:
Code
|
Component
|
0
|
0 unknown component
|
1
|
Dr.Web Scanner
|
2
|
SpIDer Guard
|
3
|
SpIDer Mail
|
4
|
SpIDer Gate
|
5
|
Quarantine Manager
|
6
|
Dr.Web for Kerio
|
7
|
Dr.Web for Microsoft Outlook
|
8
|
Dr.Web for IBM Lotus Domino
|
9
|
Dr.Web for Qbik WinGate
|
10
|
Dr.Web for ISA Server
|
11
|
Antirootkit module
|
▪The <file /> element contains information on specific file in the Quarantine. The <file /> element attributes
Attribute
|
Description
|
size
|
Size of the file in the Quarantine
|
The <file /> element value contains original file name and the full path to the file before moving to the Quarantine.
▪The <hash /> element value contains the object hash code in the SHA256 format. ▪The <owner /> element value contains the name of the file owner. ▪The <virus-info /> element value contains the name of malware object according to the Doctor Web company classification. ▪The <object /> element value contains the identifier of the object in the Quarantine. ▪The <q-time /> element value contains the time when the object was added to the Quarantine at the station. ▪The <infection-type /> element value contains an infection type:
Code
|
Infection type
|
1
|
known infection
|
2
|
known infection modification
|
4
|
unknown infection
|
5
|
adware
|
6
|
dialer
|
7
|
joke
|
8
|
riskware
|
9
|
hacktool
|
•The <pages /> element contains information on paged view of Quarantine state. The <pages /> element attributes:
Attribute
|
Description
|
total
|
Total number of pages with information on Quarantine state in paged view
|
current
|
Number of the current page
|
objects-per-page
|
Objects count on one page
|
JSON Response Structure
{ "head": {
"status": true,
"timestamp": 1395829007,
"api": {
"version": 40103
},
"server": {
"name": "192.168.1.1",
"version": 1000201707130,
"uuid": "1023dcd7-d11d-b211-896d-8804c0842edb"
}
},
"data": {
"period_from": 1388534400,
"period_till": 1396310400,
"items": {
"total": 44,
"list": [
{
"station_id": "50393916-d21d-b211-a829-e404ce518192",
"station_name": "TESTS-PC",
"created_time": 1395826881,
"component_code": 11,
"file": "C:\\Users\\tests\\Desktop\\Virs_Samples\\Adware\\dprawex.#l",
"file_size": 226592,
"hash": "0B12DF889C995EAE30FDAA6AEFBCA6896946889D9AE105E9C21359C2F3C48E45",
"owner": "tests-pc\\tests:tests-pc\\None",
"virus_info": "Adware.Look2me",
"object": "F165CBF1C530C32147A070211842E753CE9104B4C3A7F1A74FE1B83BF8BDA5F0",
"q_time": 1395854422,
"infection_type": 5
},
{
"station_id": "50393916-d21d-b211-a829-e404ce518192",
"station_name": "TESTS-PC",
"created_time": 1395826886,
"component_code": 11,
"file": "C:\\Users\\tests\\Desktop\\Virs_Samples\\Adware\\Adware.Look2me\\Installer2.exe",
"file_size": 578560,
"hash": "2251FBE49DAD8178D939D94390C699C153A16F50CF30B0D8C6139E20C16DE38C",
"owner": "tests-pc\\tests:tests-pc\\None",
"virus_info": "Adware.Look2me.282",
"object": "F417AC6C9A7A223C8736D382D6312735AA2497565C26813A1E3ADB1B7713870F",
"q_time": 1395854427,
"infection_type": 5
}
]
},
"pages": {
"total": 5,
"current": 5,
"objects_per_page": 10
}
}
}
|
Description of JSON Response Parameters
The data block contains general information on the request and the blocks with information on the objects at the Quarantine.
The data block elements:
Field name
|
Description
|
period_from
|
The start of requested period, during which objects are moved to Quarantine
|
period_till
|
The end of requested period, during which objects are moved to Quarantine
|
•The items block contains information on objects in the Quarantine on stations of specified group. The items block elements:
Field name
|
Description
|
total
|
Total number of objects in Quarantine on all stations of specified group
|
▫The list array contains information on specific object in the Quarantine. Elements in the list array:
Field name
|
Description
|
created_time
|
The time when the object was added to the Quarantine at the Server
|
component_code
|
The code of components which moved the object to the Quarantine:
•0—unknown component, •1—Dr.Web Scanner, •2—app_fsfilter, •3—SpIDer Mail, •4—SpIDer Gate, •5—Quarantine Manager, •6—Dr.Web for Kerio, •7—Dr.Web for Microsoft Outlook, •8—Dr.Web for IBM Lotus Domino, •9—Dr.Web for Qbik WinGate, •10—Dr.Web for ISA Server, •11—app_arkapi. |
file
|
Full path to the file before moving to the Quarantine
|
file_size
|
Size of the file in the Quarantine
|
hash
|
The object hash code in the SHA256 format
|
owner
|
Name of the file owner
|
virus_info
|
Name of malware object according to the Doctor Web company classification
|
object
|
Identifier of the object in the Quarantine
|
q_time
|
Time when the object was added to the Quarantine at the station
|
•The pages block contains information on the number of displayed objects. The pages block elements:
Field name
|
Description
|
total
|
Total number of pages
|
current
|
Number of the current page
|
objects_per_page
|
The number of records on one page
|
|