Rosetta 5.1 introduces a new version of the antivirus plugin interface. The new version supports an additional exit code, as follows:
- '0' - scan result is negative (= no virus found)
- '1' - scan result is positive (= virus found)
- > 1 - scan result is undetermined
An 'undetermined' result should be used when the antivirus scan fails to return a definite result. Such a result is logged by the validation stack as 'vs_Error.32768 VirusCheckUnknownError'. The Technical Analyst (TA) workbench UI will allow files with an undetermined scan result to be ignored. When multiple scans are run, the task takes the highest value (but record events for each scan separately).
Libraries that wish to allow scans with positive results to be ignored (generally unadvised) may set their plugin to return a value higher than 1. Libraries wishing to err on the side of caution and only allow positively clean files to pass through may continue to use the V1 interface.
An example implementation is available here.