Threat Scan Module

The Threat Scan module enables you to scan files and memory for malicious patterns, suspicious behavior, and known threat signatures. It is one of the core components of the CyberShield SDK.


File Scan

Use the scan.file() method (scan_file() in Python) to scan any supported file.

JavaScript

const result = await shield.scan.file("sample.pdf");
console.log(result.threatLevel);

Python

result = shield.scan_file("sample.pdf")
print(result["threatLevel"])

Response Structure

A typical scan response looks like:

{
  "threatLevel": "high",
  "signature": "Trojan.Generic.5843",
  "confidence": 92,
  "scanId": "ab12cd34ef56",
  "timestamp": "2025-01-15T10:24:51Z"
}

Field Descriptions

Field        Description
threatLevel  Risk level: low, medium, high.
signature    Name of detected threat, if identified.
confidence   Detection confidence (0–100).
scanId       Unique identifier for retrieving scan results later.
timestamp    Time the scan was completed.
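
The following is an added example, not code from the CyberShield SDK: it validates a file-scan response against the field descriptions above and maps it to an action, holding the file whenever the response is malformed. The action names (hold, quarantine, review, allow), the MIN_CONFIDENCE threshold, and the function names are assumptions made for illustration.

```javascript
// Added example. Field names and value ranges come from the Field Descriptions;
// the policy (actions, threshold) is an assumption, not SDK behaviour.
const LEVELS = new Set(["low", "medium", "high"]);
const MIN_CONFIDENCE = 70; // assumed policy threshold

// Returns a list of problems; an empty list means the response is well-formed.
function validateScanResponse(r) {
  if (r === null || typeof r !== "object") return ["response is not an object"];
  const problems = [];
  if (!LEVELS.has(r.threatLevel)) problems.push("threatLevel is not low/medium/high");
  if (typeof r.confidence !== "number" || !Number.isFinite(r.confidence) ||
      r.confidence < 0 || r.confidence > 100) {
    problems.push("confidence is outside 0-100");
  }
  if (typeof r.scanId !== "string" || r.scanId.length === 0) {
    problems.push("scanId is missing");
  }
  if (typeof r.timestamp !== "string" || Number.isNaN(Date.parse(r.timestamp))) {
    problems.push("timestamp is not a parseable date");
  }
  // signature is only present when a threat was identified.
  if (r.signature !== undefined && typeof r.signature !== "string") {
    problems.push("signature is not a string");
  }
  return problems;
}

// Maps a scan response to an action. A malformed response is never treated
// as a clean result: the file is held until it can be rescanned.
function decide(r) {
  const problems = validateScanResponse(r);
  if (problems.length > 0) return { action: "hold", reasons: problems };
  if (r.threatLevel === "high") {
    return { action: "quarantine", reasons: [r.signature ?? "unnamed threat"] };
  }
  if (r.threatLevel === "medium") {
    const action = r.confidence >= MIN_CONFIDENCE ? "quarantine" : "review";
    return { action, reasons: [`medium at confidence ${r.confidence}`] };
  }
  return { action: "allow", reasons: [] };
}

// Constructed sample: the response shown under Response Structure.
const sample = { threatLevel: "high", signature: "Trojan.Generic.5843",
  confidence: 92, scanId: "ab12cd34ef56", timestamp: "2025-01-15T10:24:51Z" };
console.log(decide(sample));
```

Log the scanId alongside the decision so the verdict can be retrieved later.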

Memory Scan

Scan running processes or memory regions to detect in-memory threats.

JavaScript

const memoryResult = await shield.scan.memory(1234);
console.log(memoryResult);

Python

memory_result = shield.scan_memory(1234)
print(memory_result)

Memory Scan Output

{
  "processId": 1234,
  "risk": "medium",
  "reason": "Suspicious memory pattern",
  "timestamp": "2025-01-15T10:26:03Z"
}

Error Handling

Common error causes:

  • Unsupported file type
  • File too large
  • Memory scanning unsupported on OS
  • Invalid process ID

Example (JavaScript)

try {
  const result = await shield.scan.file("unknown.xyz");
} catch (err) {
  console.error("Scan failed:", err.message);
}
