COM Interface
The Metadefender Core COM server exposes COM (Microsoft’s Component Object Model) interfaces. The interfaces are all based on the IDispatch automation interface, which makes integration possible from many scripting languages.
When the Metadefender Core Server starts (this happens when you log in or upon the first invocation of the server from a client), it starts updating all the supported antivirus engines on the system. The server repeats the update process at configurable intervals.
Before any method is called, a client instance must be initialized by calling Init or InitEx (deprecated). For APIs via callbacks, please refer to COM Connection Points.
| Note | Method | Description |
| --- | --- | --- |
| | StopScan | This method purges all scan requests and ongoing scans. Method returns only when all requests are purged. |
| | ConvertFileType | This method converts the specified input file into a different format. |
| | AnalyzeEx | This method is an extensible file type analysis API that allows the user to set various analyze file type options that can be configured for each file type analysis request. It can be used as a wrapper of the other file type analysis APIs. It also supports specifying custom ticket ID and session ID to associate file type analysis and scan. |
| | AnalyzeFileTypeEx2 | This method analyzes a file (or buffer) and attempts to guess its type, detects files whose file extensions may have been altered, and recursively analyzes contents of archive files. |
| | GetUpdateStatusEx | This method returns information about the virus definition files of the requested product. |
| | SetProperty | Modifies one of Metadefender Core's internal properties. |
| | GetProperty | Reads one of the internal properties. |
| | UpdateEngine | This method is called to initiate an update of a specific anti-malware engine on the local machine. |
| | UpdateAntiViruses | This method is called to initiate an update of all anti-malware engines at the same time on the local machine. It is recommended to perform updates via automatic periodic update, which is performed at predetermined intervals as configured in the “Update Interval” property. |
| | ScanEx | This method is an extensible scan API which allows the setting of various scan options that can be configured for each scan request. |
| | Process | This method processes a file through a workflow based on the specified user agent. |
| | Init | This method is called to initialize the connection to the Metadefender Core service. This method needs to be called before any other method can be called. |
| Connection Points | OnProcess | This callback is fired after each Process method when a pre-defined event is found. |
| Connection Points | OnFileInArchiveInfoAvailable | This callback method is invoked when Metadefender Core's archive library is enabled and a file from within an archive is analyzed (not a scan result). This callback can be used to obtain more discrete information about a file contained within an archive. |
| Connection Points | ScanStartReport | This callback method is invoked when each engine begins the scan. It is used when a scan request begins. This callback is fired only if “report_on_scan_start” is set to “1” (true). |
| Connection Points | MyOnUpdateComplete | This callback method is invoked when an update completes. It is fired to all Metadefender Core client objects that are registered to this connection point. However, if there is already an update request that has not completed, only the Metadefender Core client that requested the update will get a callback with the update result of “updateAlreadyRequested(2)”. |
| Connection Points | MyOnUpdateProgressReport | This callback method is invoked when an update for each engine completes. It is fired to the Metadefender Core client object that initiates the update. |
| Connection Points | MyScanProgressReport | This callback method is invoked when each engine completes the scan. The callback can be used for a scan progress report when more than one engine is used. If an engine is not used for any reason, such as an encrypted archive or a scan request on a known file inside the folder, no progress report will be fired for the specific file. |
| Connection Points | MyScanProgressReport | This method is called to initialize the connection to the Metadefender Core service. This method needs to be called before any other method can be called. |
| Connection Points | MyOnScanComplete | This connection point is fired whenever a scan is completed. This event is not global, but is specific to the client that makes this scan request. In other words, when scanning is requested by a client, other client objects will not get a callback when the scanning is completed. |
| deprecated | UnsubscribeGlobalEvents | This method is called to unsubscribe from specific or all events. If you subscribe to a specific type of event, you must unsubscribe from that type of event. For example, if you subscribe to scan event type and update event type, you must unsubscribe from both scan event type and update event type. Unsubscribing from events to which you are not subscribed has no effect. |
| deprecated | SubscribeGlobalEvents | If you want to receive global callbacks such as OnLogAvailable, you must subscribe to global events with an appropriate event type through this call. If you subscribe to a specific type of event, you must unsubscribe from that type of event. For example, if you subscribe to a scan event type and update event type, you must unsubscribe from both the scan event type and the update event type. |
| deprecated | AnalyzeFileType | This method analyzes the contents of a file and attempts to guess its type. |
| deprecated | GetUpdateStatus | This method returns information about the virus definition files of the requested product. |
| deprecated | PutToScanAndCleanQueue | This method places a file in the scan-and-clean queue. In other words, the scan request will be processed asynchronously. |
| deprecated | PutToScanQueue | This method is called to place a file in the scan queue. In other words, the scan request will be processed asynchronously. |
| deprecated | ScanAndClean | This method is called to scan and clean a file. This is done in a synchronous (blocking) fashion: the method returns only after the scan is complete. |
| deprecated | Scan | This method is called to scan a file or a memory buffer. This is done in a synchronous (blocking) fashion: the method returns only after the scan is complete. |
| deprecated | InitEx | This method can still be used for the purpose of initializing an instance of a Metadefender Core object. However, with the more flexible and extensive DB controller, the ability to have its own log writer per instance is disabled. |
Important Return Type
Scan outcome Return Type
| Return value | Description | Note |
| --- | --- | --- |
| 0 | No threat found | No threat detection or the file is empty. |
| 1 | Infected/Known | Threat is found. |
| 2 | Suspicious | Classified as possible threat but not identified as specific threat. |
| 3 | Failed To Scan | Scanning is not fully performed (for example, invalid file or no read permission). If no engine is included and scan is enabled, this will be the final result. |
| 4 | Cleaned | Threat is found and file is cleaned (repaired or deleted). |
| 5 | Unknown | Unknown scan result. |
| 6 | Quarantined | File is quarantined. |
| 7 | Skipped Clean | Scan is skipped because this file type is in whitelist. |
| 8 | Skipped Dirty | Scan is skipped because this file type is in blacklist. |
| 9 | Exceeded Archive Depth | Threat is not found, but there are more archive levels that were not extracted. This is affected by the Metadefender Core property ‘internal_archive_recursive_level’. |
| 10 | Not Scanned | Scan is skipped by the engine, either due to update or other engine specific reason. If scan is disabled, this is the final result. |
| 11 | Aborted | All ongoing scans are purged by StopScan API call. |
| 12 | Encrypted | File/buffer is not scanned because the file type is detected as encrypted (password-protected). If the Internal Archive Library is ON, encrypted return type is not going to be returned through Metadefender Core scan progress callbacks because the engines do not perform any scan operations. If the Internal Archive Library is OFF, Metadefender Core passes the encrypted files to the engines directly, bypassing the detection. |
| 13 | Exceeded Archive Size | The extracted archive is larger than set in the maximum file size for archive. (For more details, refer to “archive_lib_max_size” properties in the Config topic.) |
| 14 | Exceeded Archive File Number | There are more files in the archive than set in the maximum number of files extracted. (For more details, refer to “archive_lib_max_num_files” properties in the Config |
| 15 | Password Protected Document | Only workflow has this result. |
Others
| Return Type | Values | API/Connection points which use this return type |
| --- | --- | --- |
| ThreatList | A threat list found on the scanned object, otherwise null. (Threat name should NOT be used in a way that affects the application logic. For example, a threat name can be an empty string.) | Scan, ScanEx, ScanAndClean, PutToScanQueue, PutToScanAndCleanQueue |
| FileTypeShort | “E” – Executable (EXE, DLL, …); “D” – Document (MS Office word document, MS Office excel sheet); “A” – Archive (Zip, Rar, Tar, …); “G” – Graphical format (Jpeg, GIF, TIFF, BMP, …); “F” – Folder; “Y” – Logical drive; “I” – Disk image; “T” – Text; “P” – PDF format; “M” – audio or video format; “Z” – mail messages (MSG, …); “O” – Other (anything that is not recognized as one of the above). Note: An ISO is treated as an archive file type (type “A”) and not as a disk image (type “I”). | |