Documentation

Introduction

API call

Description of each API

Data structure

Sample code

Error code

Limitation

Introduction

The PHP malware detection pattern API provides string-search patterns, extracted from the data of malware-infected files, that detect malware most efficiently. There are two types of detection pattern, plain string and regular expression; regular expression patterns account for approximately 20% of the total.

API call

The data that can be obtained via the API is JSON data in an array containing malware detection patterns. It can be obtained by calling the following URL with a GET request.


https://api.website-malware-removal.com/v(API version)/?api=(API name)&accesskey=(key to access the API)

(API version) Only version 1.0 is currently available.

(API name) One of the following four API names:

  • get_malware_patterns_reliable
  • get_malware_patterns_new_addition
  • get_malware_patterns_full
  • get_fraudulent_ip

(key to access the API) The accesskey parameter carries the access key issued by the website to members with a paid subscription.

An example URL for an API call with the above query parameters is shown below.

https://api.website-malware-removal.com/v1.0/?api=get_malware_patterns_reliable&accesskey=1234567890abcdefgrh

Differences and description of each API

1. Obtaining reliable malware detection patterns (get_malware_patterns_reliable)

API call URL example
https://api.website-malware-removal.com/v1.0/?api=get_malware_patterns_reliable&accesskey=1234567890abcdefgrh

The malware detection patterns that can be retrieved with this API are suitable for all applications.
If you want to analyse large amounts of data at high speed, or if you regularly analyse such data, you should use this API.
Detection accuracy is high and the likelihood of a file containing this pattern being malware is very high. This makes it the most reliable and balanced malware detection pattern acquisition API.

2. Newly added detection patterns (get_malware_patterns_new_addition)

API call URL example
https://api.website-malware-removal.com/v1.0/?api=get_malware_patterns_new_addition&accesskey=1234567890abcdefgrh

The malware detection patterns that can be retrieved with this API focus on recency.
This API is suitable for detecting files suspected of containing the latest prevalent malware, even if the patterns are somewhat less reliable.
Use this API if you want to detect the most recent malware.
This API contains the most recent malware patterns, added within a few months, but false positives are also possible.

3. Maximum number of detection patterns (get_malware_patterns_full)

API call URL example
https://api.website-malware-removal.com/v1.0/?api=get_malware_patterns_full&accesskey=1234567890abcdefgrh

The malware detection patterns that can be retrieved with this API lean towards older detection patterns, those detected within the last five years, rather than relatively new additions.
Use this API if you want to scan for malware in depth. However, it also includes more recent and somewhat less reliable patterns, which may lead to false positives.
As this pattern set contains a very large number of malware patterns, inspecting large numbers of files with it can be server-intensive and time-consuming. It is recommended for deep inspection of folders with suspected malware infection, for single-file inspection, or for groups of files where you specifically want to prevent malware infection.

4. Compromised accessing IP (get_fraudulent_ip)

API call URL example
https://api.website-malware-removal.com/v1.0/?api=get_fraudulent_ip&accesskey=1234567890abcdefgrh

In addition, we have detected unauthorised access and hacking attacks from over 30,000 other sites, and we also provide an API listing the IP addresses of dangerous hackers who are currently active. With this API, you can obtain the IPs of unauthorised access sources that have recently been active in hacking activities; the list is updated on a daily basis.

Data structure

Malware pattern API data structure

NOTE: The structure of the data returned by the three APIs (get_malware_patterns_reliable, get_malware_patterns_new_addition, get_malware_patterns_full) is the same.

The JSON data that can be obtained via the API is divided into a metadata part, which indicates the version and name of the data, and a data part containing the actual detection pattern.

metadata

  • api_name: API name
  • api_version: Version of the API
  • generateddate_gmt: Date this data was generated
  • data_count: Number of data items (malware detection patterns) included

data(Array)

  • id: The ID of the malware detection pattern
  • raw_pattern: The malware detection pattern extracted directly from the code
  • without_whitespace_pattern: The malware detection pattern without whitespace
  • is_regex: Flag indicating whether the pattern is a regular expression detection pattern (0 or 1)
  • lastdetect_gmt_datetime: Date of last detection
  • pattern_add_gmt_datetime: Date when the detection pattern was added
  • malware_probability: Probability that code containing this detection pattern was actually malware (%)
  • detection_frequency: The detection frequency of this pattern (undefined, low, medium, high, very high)

API of the compromised accessing IP data structure

The JSON data that can be retrieved via the API is divided into a metadata part, which indicates the version and name of the data, and a data part, which contains the actual IPs.

metadata

  • api_name: API name
  • api_version: Version of the API
  • generateddate_gmt: Date this data was generated
  • data_count: Number of data items (IPs) included

data(Array)

  • ip: IP address of the unauthorised access
  • ipversion: IP version
  • frequency: Frequency of attacks (undefined, low, medium, high, very high)
  • city: Location of the IP (city)
  • region: Location of the IP (state)
  • country_code: Location of the IP (country code)
  • country_name: Location of the IP (country)
  • ip_owner: Company or organisation that owns the IP
  • latitude: Latitude of the IP
  • longitude: Longitude of the IP

NOTE: Data other than IP address and IP version may be undefined.

Sample code

Periodically call the API to retrieve and store data.

The code to retrieve the data via the API and store it in a text file on the server is shown below. Such code should be run periodically from cron.
Note: Our data is only updated once a day, so it is not necessary to call the API more than once a day.
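
An added example of this step in Python (not the provider's own sample code): it fetches one API, checks that data_count matches the number of entries received, and only then replaces the stored file, so a failed or truncated response never overwrites a good copy. It assumes the two parts of the response are top-level keys named "metadata" and "data"; the environment variable name and output file name are chosen here.

```python
import json
import os
import tempfile
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://api.website-malware-removal.com/v1.0/"

def validate_payload(payload):
    """Return the data array if the response is structurally complete."""
    if not isinstance(payload, dict):
        raise ValueError("response is not a JSON object")
    meta = payload.get("metadata")  # assumed top-level key name
    data = payload.get("data")      # assumed top-level key name
    if not isinstance(meta, dict) or not isinstance(data, list):
        raise ValueError("metadata or data part missing")
    try:
        count = int(meta["data_count"])
    except (KeyError, TypeError, ValueError):
        raise ValueError("data_count missing or not numeric") from None
    if count != len(data):
        raise ValueError(f"data_count {count} != {len(data)} entries received")
    return data

def store_atomically(payload, path):
    """Write to a temp file, then rename, so readers never see a partial file."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, suffix=".tmp")  # created mode 0600
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(payload, fh)
    os.replace(tmp, path)

def fetch_and_store(api_name, access_key, path):
    """One daily call: fetch, validate, and only then replace the stored copy."""
    query = urllib.parse.urlencode({"api": api_name, "accesskey": access_key})
    try:
        with urllib.request.urlopen(f"{BASE_URL}?{query}", timeout=60) as resp:
            payload = json.load(resp)
    except urllib.error.HTTPError as err:  # 403/500: stored file is left untouched
        raise RuntimeError(f"API call failed with HTTP {err.code}") from err
    entries = validate_payload(payload)
    store_atomically(payload, path)
    return len(entries)

if __name__ == "__main__":
    key = os.environ["WMR_ACCESSKEY"]  # keep the key out of the script and crontab
    print(fetch_and_store("get_malware_patterns_reliable", key, "patterns_reliable.json"))
```

Because the access key travels in the query string, keep the full URL out of application logs and cron mail.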

Detecting the presence of malware in text data.

An example of code that reads the JSON data retrieved and stored by the above API and recursively checks the given text data for the presence of malware is shown below.
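
An added example of this check in Python (not the provider's own sample code), using the documented fields raw_pattern, without_whitespace_pattern, is_regex and malware_probability. The sample entries and texts are constructed; it assumes regular expression patterns are bare expressions that Python's re module accepts and that malware_probability is numeric, and it skips patterns that do not compile.

```python
import re

# Constructed sample entries using the documented field names; real entries
# come from the data array of the stored API response.
SAMPLE_PATTERNS = [
    {"id": "1", "is_regex": "0", "malware_probability": "95",
     "raw_pattern": "eval( base64_decode(",
     "without_whitespace_pattern": "eval(base64_decode("},
    {"id": "2", "is_regex": "1", "malware_probability": "90",
     "raw_pattern": r"\$_(GET|POST)\[[^\]]+\]\s*\(",
     "without_whitespace_pattern": ""},
    {"id": "3", "is_regex": "1", "malware_probability": "99",
     "raw_pattern": "(unclosed", "without_whitespace_pattern": ""},
]

def compile_patterns(entries, min_probability=0.0):
    """Prepare entries once; skip low-probability and uncompilable patterns."""
    prepared = []
    for entry in entries:
        if float(entry.get("malware_probability") or 0) < min_probability:
            continue
        if int(entry["is_regex"]):
            try:
                # Assumption: raw_pattern is a bare expression Python's re accepts.
                prepared.append((entry["id"], re.compile(entry["raw_pattern"]), ""))
            except re.error:
                continue
        else:
            prepared.append((entry["id"], entry["raw_pattern"],
                             entry.get("without_whitespace_pattern") or ""))
    return prepared

def scan_text(text, prepared):
    """Return the ids of all patterns found in text."""
    squeezed = re.sub(r"\s+", "", text)  # compared with without_whitespace_pattern
    hits = []
    for pattern_id, pattern, no_ws in prepared:
        if isinstance(pattern, re.Pattern):
            found = pattern.search(text) is not None
        else:
            # Empty strings would match everything, so they never count as a hit.
            found = (pattern != "" and pattern in text) or \
                    (no_ws != "" and no_ws in squeezed)
        if found:
            hits.append(pattern_id)
    return hits
```

Raising min_probability trades coverage for fewer false positives, which matters most with the new_addition and full pattern sets.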

API result errors

If the API is successful, JSON data is returned with response code 200.

HTTP response code    api_error
403                   Api not found
403                   Accesskey not suplied
403                   Accesskey not found
403                   Paid user not found
403                   Too many api access
500                   Server error
500                   JSON data is empty

Limitation

[API limitations]
- API data is updated up to once every 24 hours. Therefore, the data that can be retrieved by the API once a day is the most recent data available.
- Each API can be called at most once every 30 seconds. Also, data is only updated once a day. For this reason, do not call the API every time you use the data. Call the API once a day, e.g. with a cron job, record the data in a database or text file, and then read the data from your own server for use.

[Restrictions in terms and conditions]
- It is prohibited to disclose or make the data acquired by the API available for viewing to unspecified parties.
- The data acquired by the Malware Detection API may not be used for purposes other than malware detection.
- Selling data to third parties is not permitted (providing software or services using the data to third parties for a fee is permitted).
- If you send a query that places an excessive load on our servers, we may temporarily block access to the API.
