Malware Scanner
Base: /api/v1/security/module/scanner. License Pro/Enterprise.
Status — GET /scanner/status
Response 200 (verified live):
{
  "initialized": true,
  "realtime": true,
  "patterns_count": 137,
  "fanotify": { "running": false, "mount_points": [] },
  "stats_24h": {
    "total_scans": 0,
    "total_threats": 0,
    "quarantined": 0,
    "cleaned": 0,
    "by_type": {}
  },
  "whitelist": { "enabled": true, "excluded_paths": 6 },
  "yara": {
    "clamav_installed": false,
    "yara_available": true,
    "yara_rules_count": 757,
    "initialized": true
  }
}
Threats — GET /scanner/threats
Response 200 (verified live):
{ "data": [], "limit": 50, "page": 1, "total": 0 }
Populated item: { "id": "threat-abc", "path": "/home/john/shell.php", "threat_name": "PHP.Webshell.Generic", "severity": "critical", "status": "detected", "detected_at": "…" }.
Start a scan — POST /scanner/scan
Request:
{
  "path": "/home/john",
  "type": "full",
  "use_clamav": true,
  "use_yara": true
}
type: full | quick | path.
Response 200 (shape observed live):
{
  "scan": {
    "id": "1779099393-0001",
    "username": "john",
    "scan_type": "full",
    "status": "pending",
    "scan_path": "/home/john",
    "total_files": 0,
    "scanned_files": 0
  }
}
GET /scanner/scans (history) · /scanner/my-stats;
POST /scanner/scans/:id/cancel.
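
A check a monitoring job could run over the two bodies above, as an added example that is not part of the product or its documentation: it flags coverage gaps in a /scanner/status response and builds a scan request that only asks for engines the status reports as present. The function names are hypothetical, and two readings are assumptions: that realtime scanning depends on the fanotify watcher, and that excluded_paths counts paths exempt from scanning.

```python
import json

# Status body copied from the Status section of this page.
SAMPLE_STATUS = json.loads("""
{ "initialized": true, "realtime": true, "patterns_count": 137,
  "fanotify": { "running": false, "mount_points": [] },
  "stats_24h": { "total_scans": 0, "total_threats": 0, "quarantined": 0, "cleaned": 0, "by_type": {} },
  "whitelist": { "enabled": true, "excluded_paths": 6 },
  "yara": { "clamav_installed": false, "yara_available": true,
            "yara_rules_count": 757, "initialized": true } }
""")


def coverage_gaps(status):
    """Return human-readable findings for a /scanner/status body."""
    gaps = []
    fan = status.get("fanotify", {})
    yara = status.get("yara", {})
    wl = status.get("whitelist", {})
    if not status.get("initialized"):
        gaps.append("scanner not initialized")
    # Assumption: on-access (realtime) scanning depends on the fanotify watcher.
    if status.get("realtime") and not fan.get("running"):
        gaps.append("realtime enabled but fanotify watcher not running")
    if fan.get("running") and not fan.get("mount_points"):
        gaps.append("fanotify running with no mount points")
    if not yara.get("clamav_installed"):
        gaps.append("ClamAV not installed")
    if not (yara.get("yara_available") and yara.get("yara_rules_count", 0) > 0):
        gaps.append("YARA unavailable or no rules loaded")
    # Assumption: excluded_paths is the number of paths exempt from scanning.
    if wl.get("enabled") and wl.get("excluded_paths", 0) > 0:
        gaps.append(f"{wl['excluded_paths']} excluded paths to review")
    return gaps


def build_scan_request(path, status, scan_type="full"):
    """Build a POST /scanner/scan body that only requests available engines."""
    if scan_type not in ("full", "quick", "path"):
        raise ValueError(f"unsupported scan type: {scan_type}")
    yara = status.get("yara", {})
    return {"path": path, "type": scan_type,
            "use_clamav": bool(yara.get("clamav_installed")),
            "use_yara": bool(yara.get("yara_available"))}


if __name__ == "__main__":
    print(coverage_gaps(SAMPLE_STATUS))
    print(build_scan_request("/home/john", SAMPLE_STATUS))
```

How the server treats "use_clamav": true when ClamAV is absent is not stated on this page, which is why the request builder derives the engine flags from the status body instead.
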
Threat actions & whitelist
POST /scanner/threats/:id/{quarantine,clean,restore,ignore,whitelist} (no body)
DELETE /scanner/threats/:id (admin)
GET /scanner/whitelist
POST /scanner/whitelist/path
{ "path": "/home/john/tool.php", "reason": "deploy" }
DELETE /scanner/whitelist/path/:id
Engine: POST /scanner/toggle; ClamAV/YARA/fanotify install/update; patterns.
Conventions → Authentication, Error Handling.