Request Parameters
Parameter
|
Description
|
Mandatory
|
from
|
The start of requested period, during which objects are moved to Quarantine
|
no
|
id
|
Identifier of a group to get information on Quarantine objects on stations of this group
|
yes
|
page
|
Number of the page which must be returned in response in paged view (may be used to display information about the large number of stations)
|
no
|
per-page
|
Number of stations per one page in paged view (may be used to display information about the large number of stations)
|
no
|
till
|
The end of requested period, during which objects are moved to Quarantine
|
no
|
Request Example
http://192.168.1.1:9080/api/groups/quarantine-objects.ds?id=30cc7eb2-d11d-b211-b695-b80815e63511&from=20190531&till=20190614&page=1&per-page=3
|
XML and JSON response structure examples are described below.
XML Response
<drweb-es-api api_version="4.3.0" timestamp="1560513283" server="192.168.1.1" srv_version="12.00.0.201909260" status="true">
<group-quarantine items="1" period_from="1559314800" period_till="1560524399">
<item>
<station id="9d09ba10-8c30-11e9-476d-bcdfc107a5ed">T-PC</station>
<created-time>1560247639</created-time>
<component>11</component>
<file size="226592">C:\Users\tests\Virs_Samples\Adware\dprawex.#l</file>
<hash>0B12DF889C995EAE30FDAA6AEFBCA6896946889D9AE105E9C21359C2F3C48E45</hash>
<owner>tests-pc\tests:tests-pc\None</owner>
<virus-info>Adware.Look2me</virus-info>
<object>F165CBF1C530C32147A070211842E753CE9104B4C3A7F1A74FE1B83BF8BDA5F0</object>
<q-time>20190611100719446</q-time>
<infection-type>5</infection-type>
</item>
</group-quarantine>
<pages total="1" current="1" objects-per-page="3"/>
</drweb-es-api>
|
Description of XML Response Parameters
•The <group-quarantine /> element contains information on objects in the Quarantine on stations of specified group. The <group-quarantine /> element attributes:
Attribute
|
Description
|
items
|
Total number of objects in Quarantine on all stations of specified group
|
period_from
|
The start of requested period, during which objects are moved to Quarantine
|
period_till
|
The end of requested period, during which objects are moved to Quarantine
|
▫The <item /> element contains information on specific object in the Quarantine. ▪The <station /> element contains information on specific stations of specified group. The <station /> element attribute:
Attribute
|
Description
|
id
|
Identifier of a station information about Quarantine of which is presented in this <item /> section
|
The <station /> element value contains the name of a stations information about Quarantine of which is presented in this section.
▪The <created-time /> element value contains the time when the object was added to the Quarantine at the Server. ▪The <component /> element contains the code of components which moved the object to the Quarantine:
Code
|
Component
|
0
|
unknown component
|
1
|
Dr.Web Scanner
|
2
|
SpIDer Guard
|
3
|
SpIDer Mail
|
4
|
SpIDer Gate
|
5
|
Quarantine Manager
|
6
|
Dr.Web for Kerio
|
7
|
Dr.Web for Microsoft Outlook
|
8
|
Dr.Web for IBM Lotus Domino
|
9
|
Dr.Web for Qbik WinGate
|
10
|
Dr.Web for ISA Server
|
11
|
Antirootkit module
|
•The <file /> element contains information on specific file in the Quarantine. The <file /> element attribute:
Attribute
|
Description
|
size
|
Size of the file in the Quarantine
|
The <file /> element value contains the full path to the file before moving to the Quarantine.
•The <hash /> element value contains the object hash code in the SHA256 format. •The <owner /> element value contains the name of the file owner. •The <virus-info /> element value contains the name of malware object according to the Doctor Web company classification. •The <object /> element value contains the identifier of the object in the Quarantine. •The <q-time /> element value contains the time when the object was added to the Quarantine at the station. •The <infection-type /> element value contains an infection type. Infection type codes:
Code
|
Infection type
|
1
|
known infection
|
2
|
known infection modification
|
4
|
unknown infection
|
5
|
adware
|
6
|
dialer
|
7
|
joke
|
8
|
riskware
|
9
|
hacktool
|
•The <pages /> element contains information on paged view of Quarantine state. The <pages /> element attributes:
Attribute
|
Description
|
total
|
Total number of pages with information on Quarantine state in paged view
|
current
|
Number of the current page
|
objects-per-page
|
Objects count on one page
|
JSON Response
{ "head": {
"status": true,
"timestamp": 1560513328,
"api": {
"version": 40300,
"versionString": 4.3.0},
"server": {
"name": "192.168.1.1",
"version": "12.00.0.201909260",
"uuid": "76b05bc0-8691-11e9-63e5-7036cecd07fa"}},
"data": {
"period_from": 1559314800,
"period_till": 1560524399,
"items": {
"total": 1,
"list": [
{"component_code": 11,
"created_time": 1560247639,
"file": "C:\\Users\\tests\\Virs_Samples\\Adware\\dprawex.#l",
"file_size": 226592,
"hash": "0B12DF889C995EAE30FDAA6AEFBCA6896946889D9AE105E9C21359C2F3C48E45",
"infection_type": 5,
"object": "F165CBF1C530C32147A070211842E753CE9104B4C3A7F1A74FE1B83BF8BDA5F0",
"owner": "tests-pc\\tests:tests-pc\\None",
"q_time": 20190611100719446,
"station_id": "9d09ba10-8c30-11e9-476d-bcdfc107a5ed",
"station_name": "T-PC",
"virus_info": "Adware.Look2me"}]},
"pages": {
"current": 1,
"objects_per_page": 3,
"total": 1}}}
|
Description of JSON Response Parameters
The data block contains general information on the request and the blocks with information on objects in the Quarantine.
The data block elements:
Field name
|
Description
|
period_from
|
The start of requested period, during which objects are moved to Quarantine
|
period_till
|
The end of requested period, during which objects are moved to Quarantine
|
•The items block contains information on objects in the Quarantine on stations of specified group. The items block elements:
Field name
|
Description
|
total
|
Total number of objects in Quarantine on all stations of specified group
|
▫The list array contains information on specific objects in the Quarantine. Elements in the list array:
Field name
|
Description
|
component_code
|
The code of components which moved the object to the Quarantine:
0—unknown component,
1—Dr.Web Scanner,
2—SpIDer Guard,
3—SpIDer Mail,
4—SpIDer Gate,
5—Quarantine Manager,
6—Dr.Web for Kerio,
7—Dr.Web for Microsoft Outlook,
8—Dr.Web for IBM Lotus Domino,
9—Dr.Web for Qbik WinGate,
10—Dr.Web for ISA Server,
11—Antirootkit module
|
created_time
|
The time when the object was added to the Quarantine at the Server
|
file
|
Full path to the file before moving to the Quarantine
|
file_size
|
Size of the file in the Quarantine
|
hash
|
The object hash code in the SHA256 format
|
infection_type
|
Infection type:
1—known infection,
2—known infection modification,
4—unknown infection,
5—adware,
6—dialer,
7—joke,
8—riskware,
9—hacktool
|
object
|
Identifier of the object in the Quarantine
|
owner
|
Name of the file owner
|
q_time
|
Time when the object was added to the Quarantine at the station
|
station_id
|
Identifier of a station which information on Quarantine is presented in this section
|
station_name
|
Name of a station which information on Quarantine is presented in this section
|
virus_info
|
Name of malware object according to the Doctor Web company classification
|
•The pages block contains information on the number of displayed objects. The pages block elements:
Field name
|
Description
|
current
|
Number of the current page
|
objects_per_page
|
Number of records on one page
|
total
|
Total number of pages
|
|