Views:
A JSON containing information about the scan. Specifically, it includes:
  • type: It identifies the result type. Its value is always scan-result.
  • timestamp: A unique number that corresponds to the time when the scan result is published.
  • sqs_message_id: The SQS message ID of this event. AWS scanner only.
  • xamz_request_id: The request ID of S3. AWS scanner only.
  • bucket: A new field that contains the name of the bucket where the scanned object resides.
  • bucket_region: A new field that contains the region of the bucket where the scanned object resides. This field is not included when the region is unavailable.
  • file_name: The scanned file name. AWS scanner only.
  • file_attributes: Indicates information associated with a file.
    • etag: A unique identifier assigned to each object stored in cloud storage services. AWS and GCP scanner only.
    • checksums:
      • crc32c: A CRC32C checksum assigned to each object stored in a GCP Cloud Storage bucket. GCP scanner only.
  • file_url: The URL to the scanned file in AWS S3, Azure Blob or GCP Cloud Storage.
  • scan_start_timestamp: A unique number that corresponds to the time when the scan started.
  • scanner_status and scanner_status_message:This pairing has the following values:
    • 0, "successful scan": Indicates that the scan finished successfully.
    • -1, "invalid license status": Usually indicates that File Storage Security is not fully configured. The most likely reason for an incomplete deployment is that ARNs have not yet been submitted through the File Storage Security console or API. For instructions on submitting the ARNs, see Add Stacks or Deploy stacks using the API. This message could also indicate that your license is not valid, or that File Storage Security was not able to push a new license to your stack.
    • -2, "unsuccessful scan": Indicates that the ScannerLambda function was unable to scan the file.
    • -3, "scanner error": Indicates that an internal error occurred in the ScannerLambda function.
    • -4, "unsuccessful scanner invocation": Indicates that the ScannerLambda function couldn't finish the scan. Either the scan timeout was reached, or there were too many files to scan causing a Lambda throttling error.
    • -5, "network error": Indicates that the scan failed due to a network error.
  • scanning_result: Indicates scan details such as the scanned file's size as well as any found malware or errors. This field can be null when the scan cannot be performed.
    • TotalBytelsOfFile:
    • Findings: List of scan findings that indicate the issues of the file.
    • Error: Detail error message when scanner_status is -2.
    • Codes: List of status codes that indicate the details of the scan.
      • 100~199: Some scans are skipped due to existing parameters. Contact support if you need assistance.
  • scan_type: Indicates how the scan was triggered. Possible values are object created, manual, and schedule

Examples

Below are some examples of scanner result messages in SNS.
Successful scan with malware detected
{
    "type": "scan-result",
    "timestamp": 1587969985.4258394,
    "sqs_message_id": "ed985230-e3ba-4cc3-b92e-40ed17403c32",
    "xamz_request_id": "",
    "bucket": "some-bucket",
    "bucket_region": "us-west-2",
    "file_name": "eicar.txt",
    "file_attributes": {
        "etag": "e4968ef99266df7c9a1f0637d2389dab"
    },
    "file_url": "https://some-bucket.s3.us-west-2.amazonaws.com/eicar.txt",
    "scan_start_timestamp": 1587967985.3261893,
    "scanner_status": 0,
    "scanner_status_message": "successful scan",
    "scanning_result": {
        "TotalBytesOfFile": 68,
        "Findings": [
            {
                "malware": "Eicar_test_file",
                "type": "Virus"
            }
        ],
        "Error": "",
        "Codes": []
    },
    "scan_type": "object created"
}
Successful scan with no malware detected
{
    "type": "scan-result",
    "timestamp": 1587969985.4258394,
    "sqs_message_id": "ed985230-e3ba-4cc3-b92e-40ed17403c32",
    "xamz_request_id": "",
    "bucket": "some-bucket",
    "bucket_region": "us-west-2",
    "file_name": "clean-file.txt",
    "file_attributes": {
        "etag": "e4968ef99266df7c9a1f0637d2389dab"
    },
    "file_url": "https://some-bucket.s3.us-west-2.amazonaws.com/clean-file.txt",
    "scan_start_timestamp": 1587967985.3261893,
    "scanner_status": 0,
    "scanner_status_message": "successful scan",
    "scanning_result": {
        "TotalBytesOfFile": 68,
        "Findings": [],
        "Error": "",
        "Codes": []
    },
    "scan_type": "object created"
}
Unsuccessful scan
{
    "type": "scan-result",
    "timestamp": 1587969985.4258394,
    "sqs_message_id": "ed985230-e3ba-4cc3-b92e-40ed17403c32",
    "xamz_request_id": "",
    "bucket": "some-bucket",
    "bucket_region": "us-west-2",
    "file_name": "some-file.txt",
    "file_attributes": {
        "etag": "e4968ef99266df7c9a1f0637d2389dab"
    },
    "file_url": "https://some-bucket.s3.us-west-2.amazonaws.com/some-file.txt",
    "scan_start_timestamp": 1587967985.3261893,
    "scanner_status": -2,
    "scanner_status_message": "unsuccessful scan",
    "scanning_result": {
        "TotalBytesOfFile": 0,
        "Findings": [],
        "Error": "unable to scan file",
        "Codes": []
    },
    "scan_type": "object created"
}
Scan not performed (exception)
{
    "type": "scan-result",
    "timestamp": 1587969985.4258394,
    "sqs_message_id": "ed985230-e3ba-4cc3-b92e-40ed17403c32",
    "xamz_request_id": "",
    "bucket": "some-bucket",
    "bucket_region": "us-west-2",
    "file_name": "some-file.txt",
    "file_attributes": {
        "etag": "e4968ef99266df7c9a1f0637d2389dab"
    },
    "file_url": "https://some-bucket.s3.us-west-2.amazonaws.com/some-file.txt",
    "scan_start_timestamp": 1587967985.3261893,
    "scanner_status": -2,
    "scanner_status_message": "unsuccessful scan",
    "scanning_result": null,
    "scan_type": "object created"
}