Retrieves file detection results in batches using HashKey values.
Operation description
You can retrieve detection results only for submitted files. Results are retained for 5 hours and can be queried multiple times during this period. To submit a file for detection, call the CreateFileDetect operation.
Unique file identifier
All file detection operations use the HashKey parameter. HashKey is a unique file identifier used to query the corresponding file detection result.
For Skill compressed package detection (when Type is 6), obtain the HashKey from the response of the CreateFileDetect operation.
For malicious file detection (when Type is 0), the HashKey must be the MD5 or SHA-256 hash of the entire file.
Query detection results
In a malicious file detection scenario (when Type is 0), you can filter files by their attributes using the FileLabel field in the Ext field. For example, you can combine the encrypted and Zip attributes to filter for encrypted compressed packages. Supported file tags for compressed packages include: Zip, RAR, 7-Zip, XAR, ZLib, GZip, and tar. You can also use the Highlight field in the Ext field to locate malicious code segments in WebShell files. The Highlight field is a list in which each element represents a code range. The numbers indicate the character offset from the beginning of the file.
In a Skill compressed package detection scenario (when Type is 6), you can retrieve the detection report from the Ext field. This report includes results from deep intent analysis, prompt injection detection, sensitive information recognition, and malicious script detection. To query the details of an individual file within the compressed package, call the ListCompressFileDetectResult operation.
Try it now
Test
RAM authorization
|
Action |
Access level |
Resource type |
Condition key |
Dependent action |
|
yundun-sas:GetFileDetectResult |
get |
*All Resource
|
None | None |
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| SourceIp |
string |
No |
The source IP address of the request. |
183.46.XX.XX |
| HashKeyList |
array |
Yes |
An array of up to 100 unique file identifiers. |
|
|
string |
No |
The unique file identifier. |
0a212417e65c26ff133cfff28f9c**** |
|
| Type |
integer |
Yes |
The type of file to detect. Valid values:
|
0 |
Response elements
|
Element |
Type |
Description |
Example |
|
object |
The response object. |
||
| RequestId |
string |
The unique ID of the request, generated by Alibaba Cloud. Use this ID to troubleshoot issues. |
24A20733-10A0-4AF6-BE6B-E3322413BB68 |
| ResultList |
array<object> |
An array of file detection result objects. |
|
|
object |
A file detection result object. |
||
| HashKey |
string |
The unique file identifier. |
0a212417e65c26ff133cfff28f6c**** |
| Result |
integer |
The file detection result. Valid values:
|
0 |
| Score |
integer |
The file's detection score. The score ranges and their corresponding risk levels are as follows:
Important A higher score indicates a higher level of suspicion. |
100 |
| VirusType |
string |
The type of virus. Valid values:
Note
This parameter is not returned when |
WebShell |
| Code |
string |
The result code. A value of 200 indicates success. Other values indicate an error. Use this code to determine the cause of the error. |
200 |
| Message |
string |
The detailed message returned. |
successful |
| Ext |
string |
The extension field, which provides additional details about the detection result. |
{ "HighLight": [ [ 23245, 23212 ] ], "FileLabel": [ "PE32", "Zip", "SFX", "encrypted" ] } |
| Compress |
boolean |
Indicates whether the file is identified as a compressed package.
Note
This parameter is not returned when |
false |
Examples
Success response
JSON format
{
"RequestId": "24A20733-10A0-4AF6-BE6B-E3322413BB68",
"ResultList": [
{
"HashKey": "0a212417e65c26ff133cfff28f6c****",
"Result": 0,
"Score": 100,
"VirusType": "WebShell",
"Code": "200",
"Message": "successful",
"Ext": "{\n \"HighLight\":\n [\n [\n 23245,\n 23212\n ]\n ],\n \"FileLabel\":\n [\n \"PE32\",\n \"Zip\",\n \"SFX\",\n \"encrypted\"\n ]\n}",
"Compress": false
}
]
}
Error codes
|
HTTP status code |
Error code |
Error message |
Description |
|---|---|---|---|
| 400 | RequestTooFrequently | Request too frequently, please try again later | |
| 400 | GetResultFail | Get result fail, found no detect record for this file or result has been expired | |
| 400 | InvalidApiDetectType | Unsupported Api Detect Type. | The file type is not supported. |
| 500 | ServerError | ServerError | |
| 500 | SystemBusy | System busy, please try again later. | |
| 403 | NoPermission | caller has no permission | You are not authorized to do this operation. |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.