Get Quarantine State Information for a Group

Request Parameters

Parameter

Description

Mandatory

from

Start date of the requested period, during which objects were moved to Quarantine.

If not set, then the current month statistics is returned.

no

id

Group ID

yes

page

Page number to be returned in a response, in paged view (can be used to display information about a large number of objects in Quarantine).

The default value is 1.

no

per-page

Number of stations per page, in paged view (can be used to display information about a large number of objects in Quarantine).

The default value is 100.

no

till

End date of the requested period, during which objects were moved to Quarantine.

If not set, then the current month statistics is returned.

no

 

Request Example

https://192.168.1.1:9081/api/groups/quarantine-objects.ds?id=2&per-page=1

XML and JSON response structure examples are described below.

 

XML Response Structure

<drweb-es-api api_version="4.3.0" timestamp="1587587019" server="192.168.1.1" srv_version="12.00.0.201909260" status="true">
 <group-quarantine items="1" period_from="1585688400" period_till="1587589199">
   <item>
     <station id="1002">Station02</station>

     <created-time>1587553404</created-time>

     <component>2</component>

     <file size="125440">C:\Users\tests\Virs\Win32.PariteC:\Users\Administrator\Desktop\sendmessage 111\sendmessage\sendmessage\adware._xe</file>

     <hash>F20ED9A269BF10E2E9F119979478890C8AA5E6A3F6CD83B2020F27C01991EDF7</hash>

     <owner>win7-pro-x64-ru\Administrator:win7-pro-x64-ru\None</owner>

     <virus-info>Adware.Dudu</virus-info>

     <object>Fc45be5fbe1f9f0b64f9a58fa898b73d913ad494aabb4aa9341c96737600fa44</object>

     <q-time>20200422110324000</q-time>

     <infection-type>5</infection-type>
   </item>
 </group-quarantine>

 <pages total="6" current="2" objects-per-page="1"/>
</drweb-es-api>

 

Description of XML Response Parameters

The <group-quarantine /> element contains information about all objects in Quarantine on stations in requested group.

The <group-quarantine /> element attributes:

Attribute

Description

items

Total number of objects in Quarantine on stations in a specified group

period_from

Start date of the requested period, during which objects were moved to Quarantine

period_till

End date of the requested period, during which objects were moved to Quarantine

The <item /> element contains information about a specific object in Quarantine.

The <station /> element contains information about a station on which an object was moved to Quarantine.

The <station /> element attribute:

Attribute

Description

id

Station ID

The <station /> element value is a station’s name.

The <created-time /> element value is the time when an object was added to Quarantine at the Dr.Web Server.

The <component /> element value is a component’s code, which moved an object to Quarantine. Components have the codes assigned to them as described below:

Code

Component

0

unknown component

1

Dr.Web Scanner

2

SpIDer Guard

3

SpIDer Mail

4

SpIDer Gate

5

Quarantine Manager

6

Dr.Web for Kerio

7

Dr.Web for Microsoft Outlook

8

Dr.Web for IBM Lotus Domino

9

Dr.Web for Qbik WinGate

10

Dr.Web for ISA Server

11

Antirootkit module

The <file /> element contains information about a specific file in Quarantine.

The <file /> element attribute:

Attribute

Description

size

Size of a file in Quarantine

The <file /> element value is original file name and a full path to the file before it was moved to Quarantine.

The <hash /> element value is the object hash code in the SHA-256 format.

The <owner /> element value is a name of the file owner.

The <virus-info /> element value is a name of malware object according to the Doctor Web company classification.

The <object /> element value is an ID of the object after it was moved to Quarantine.

The <q-time /> element value is the time when an object was moved to Quarantine at a station.

The <infection-type /> element value is an infection type code. Infection types have the codes assigned to them as described below:

Code

Infection type

1

known infection

2

known infection modification

4

unknown infection

5

adware

6

dialer

7

joke

8

riskware

9

hacktool

The <pages /> element contains information about the paged view.

The <pages /> element attributes:

Attribute

Description

total

Total number of pages

current

Current page number

objects-per-page

Max number of objects in Quarantine displayed per page

 

JSON Response Structure

{ "head": {
    "status": true,

    "timestamp": 1587592440,

    "api": {
      "version": 40300,
      "versionString": 4.3.0},

    "server": {
      "name": "192.168.1.1",

      "version": "12.00.0.201909260",
      "uuid": "d43ec7c0-846c-11ea-56fb-d8e582d45004"}},

"data": {
  "period_from": 1585688400,

  "period_till": 1587675599,

  "items": {
    "total": 1,

    "list": [
      {"created_time": 1587553404,

        "component_code": 2,

        "file": "C:\\Users\\Administrator\\Desktop\\sendmessage 111\\sendmessage\\sendmessage\\adware._xe",

        "file_size": 125440,

        "hash": "F20ED9A269BF10E2E9F119979478890C8AA5E6A3F6CD83B2020F27C01991EDF7",

        "owner": "win7-pro-x64-ru\\Administrator:win7-pro-x64-ru\\None",

        "virus_info": "Adware.Dudu",

        "object": "Fc45be5fbe1f9f0b64f9a58fa898b73d913ad494aabb4aa9341c96737600fa44",

        "q_time": 20200422110324000,

        "infection_type": 5,

        "station_id": "1002",
        "station_name": "Station02"}]},

  "pages": {

      "total": 6,

      "current": 2,

      "objects_per_page": 1}}}

 

Description of JSON Response Parameters

The data block contains information about all objects in Quarantine on stations in requested group.

The data block elements:

Field name

Description

period_from

Start date of the requested period, during which objects were moved to Quarantine

period_till

End date of the requested period, during which objects were moved to Quarantine

items

Block containing information about every object in Quarantine on stations in a specified group

The items block elements:

Field name

Description

total

Total number of objects in Quarantine on all stations in a group

list

Array with information about every object in Quarantine

Every object in the list array contains information about a specific object in Quarantine.

Elements in the list array:

Field name

Description

component_code

The code of components which moved the object to the Quarantine:

0—unknown component,

1—Dr.Web Scanner,

2—SpIDer Guard,

3—SpIDer Mail,

4—SpIDer Gate,

5—Quarantine Manager,

6—Dr.Web for Kerio,

7—Dr.Web for Microsoft Outlook,

8—Dr.Web for IBM Lotus Domino,

9—Dr.Web for Qbik WinGate,

10—Dr.Web for ISA Server,

11—Antirootkit module

created_time

The time when an object was added to Quarantine at the Dr.Web Server

file

Original file name and a full path to the file before it was moved to Quarantine

file_size

Size of a file in Quarantine

hash

Object hash code in the SHA-256 format

infection_type

Infection type:

1—known infection,

2—known infection modification,

4—unknown infection,

5—adware,

6—dialer,

7—joke,

8—riskware,

9—hacktool

object

ID of an object after it was moved to Quarantine

owner

Name of a file owner

q_time

Time when an object was moved to Quarantine at a station

station_id

ID of a station, which Quarantine information is presented in this section

station_name

Name of a station, which Quarantine information is presented in this section

virus_info

Name of malware object according to the Doctor Web company classification

The pages block contains information about the paged view.

The pages block elements:

Field name

Description

current

Current page number

objects_per_page

Max number of objects in Quarantine displayed per page

total

Total number of pages