react-native-malwarelytics

Malwarelytics for React Native protects your banking or fintech app from a broad range of mobile security threats with an industry-leading mobile threat intelligence solution.

# Antivirus Module

The Antivirus module is currently supported only on the Android platform. Therefore, before you start using it, ensure that the functionality is supported on the platform:

```typescript
// The rest of this document will use the `antivirus` constant in the examples.
const antivirus = Malwarelytics.sharedInstance.antivirus;
if (!antivirus.isSupported) {
    throw new Error("Antivirus is not supported on this platform");
}
```

If Antivirus is available, then you can optionally test whether it's enabled:

```typescript
if (!await antivirus.isEnabled()) {
    throw new Error("Antivirus is not enabled, check your config");
}
```

<!-- begin box info -->
The antivirus is enabled by default, but you can disable it in the configuration.
<!-- end -->

## Evaluate threats

To get the list of all applications with their evaluated threat index, use:

```typescript
const threats = await antivirus.getThreatList();
threats.forEach((threat) => {
    const ti = threat.threatIndex;
    if (ti === 'HIGHLY_DANGEROUS' || ti === 'MALWARE') {
        console.log(`App ${threat.packageName} is ${ti}`);
    }
});
```

The function above will return all APKs installed on the system. To get the list filtered by a minimum threat index, use:

```typescript
const threats = await antivirus.getFilteredThreatList('DANGEROUS');
threats.forEach((threat) => {
    console.log(`App ${threat.packageName} is ${threat.threatIndex}`);
});
```

<!-- begin box info -->
You can get more information from the list, such as detected malware names. Check the `ApkThreat` interface for more details.
<!-- end -->

### Threat levels

The following threat index levels are defined:

- `MALWARE` - The found threats indicate that the app is malware.
- `HIGHLY_DANGEROUS` - The found threats indicate that the app is highly dangerous to the current app. It uses multiple potential attack vectors including techniques directly targeting the current app.
- `DANGEROUS` - The found threats indicate that the app is dangerous to the current app. It uses multiple potential attack vectors. However, no technique directly targeting the current app was detected.
- `POTENTIALLY_UNWANTED_APP` - The found threats indicate that the app might be potentially dangerous. For example, it declares potentially dangerous permissions. However, it is quite possible that the app is legitimate.
- `SAFE` - No threats were found.
- `UNKNOWN` - The threat is unknown. The app was probably not found. In the case of suggestions, there are none.

## Listen to App Changes

The app can listen to changes in installed applications (and changes in app threats): app installs, updates, and uninstalls.

To listen to these events, you have to register a listener that implements the `MalwarelyticsAndroidApkThreatListener` interface.

```typescript
await Malwarelytics.sharedInstance.antivirus.setApkThreatListener({
    onInstallDetected(apkThreat: ApkThreat): void {
        console.log(`App install observed: ${JSON.stringify(apkThreat)}`);
    },
    onUpdateDetected(apkThreat: ApkThreat): void {
        console.log(`App update observed: ${JSON.stringify(apkThreat)}`);
    },
    onUninstallDetected(packageName: string): void {
        console.log(`App uninstall observed: ${JSON.stringify(packageName)}`);
    }
});
```

To remove the previously set listener, use the following code:

```typescript
Malwarelytics.sharedInstance.antivirus.removeApkThreatListener();
```

## Listen to Suggestion Updates

App evaluation data obtained from the remote server are called suggestions. These data are automatically updated in the background. An app can listen to these updates.

To listen to suggestion updates, you have to register a listener that implements the `MalwarelyticsAndroidUpdateListener` interface.

```typescript
await Malwarelytics.sharedInstance.antivirus.setUpdateListener({
    onSuggestionUpdated(info: ObservedUpdateInfo): void {
        console.log(`Update info observed: ${JSON.stringify(info)}`);
    }
});
```

To remove the previously set listener, use the following code:

```typescript
Malwarelytics.sharedInstance.antivirus.removeUpdateListener();
```

## Getting the Last Update Info

The antivirus API offers a method for obtaining information about the last updates. Performed updates are of two types:

- `FULL` - Suggestions for all apps were updated.
- `PARTIAL` - Suggestions for only some apps were updated.

For each of these types of updates, the data contains info about the latest successful and failed updates.

The data can be obtained by using the following code:

```typescript
let updateInfo = await Malwarelytics.sharedInstance.antivirus.getLastUpdateInfo();
```

## Trigger Smart Protection Update

To trigger a Smart Protection update and evaluation, use the following code:

```typescript
const onlineUpdate = true;
const result = await antivirus.triggerSmartProtection(onlineUpdate);
if (!result.onlineUpdateSucceeded) {
    console.log('Update from server failed');
}
if (!result.evaluationSucceeded) {
    console.log('Evaluation failed');
}
if (result.uiDisplayed) {
    // Smart Protection screen is now displayed
}
```

The operation above might result in displaying a UI (based on the found threats). Note that the UI will be displayed (if the config allows it) after a small delay, because the method performs the update and evaluation first.

<!-- begin box info -->
If you want to change the visual style of the displayed UI, follow the instructions in the [Configuration of the Antivirus UI for Android](Configuration-Antivirus-UI.md) document.
<!-- end -->

## Change language

```typescript
// Change the language used in the Smart Protection UI
await antivirus.setCustomLocalization('cs');

// Change back to the default language
await antivirus.setCustomLocalization(undefined);

// Get the current language
const currentLanguage = await antivirus.getCustomLocalization();
```

## Read Next

- [RASP Module](Usage-RASP.md)
- [Demo Application](Demo-App.md)
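
One way to combine the threat levels with the install, update and uninstall events from the "Threat levels" and "Listen to App Changes" sections, as an added example that is not part of the Malwarelytics SDK or its documentation. `ThreatInventory`, `RANK`, `Decision` and the block/warn policy are hypothetical, and the severity order is assumed from the order in which the levels are listed.

```typescript
// Added example. Local types mirror only the ApkThreat fields the page uses.
type ThreatIndex = 'MALWARE' | 'HIGHLY_DANGEROUS' | 'DANGEROUS'
  | 'POTENTIALLY_UNWANTED_APP' | 'SAFE' | 'UNKNOWN';
interface ThreatLike { packageName: string; threatIndex: ThreatIndex; }
type Decision = 'BLOCK' | 'WARN' | 'ALLOW';

// Assumption: severity follows the order in which the page lists the levels.
// UNKNOWN ranks above SAFE so an unevaluated app is never read as clean.
const RANK: Record<ThreatIndex, number> = {
  SAFE: 0, UNKNOWN: 1, POTENTIALLY_UNWANTED_APP: 2,
  DANGEROUS: 3, HIGHLY_DANGEROUS: 4, MALWARE: 5,
};

// Hypothetical helper: package-name keyed view of installed-app threats.
class ThreatInventory {
  private apps: Record<string, ThreatIndex> = Object.create(null);
  // Seed from getThreatList(); also the body for install and update events.
  upsert(t: ThreatLike): void { this.apps[t.packageName] = t.threatIndex; }
  // Body for onUninstallDetected(packageName).
  remove(packageName: string): void { delete this.apps[packageName]; }

  // Packages at or above a minimum level, worst first.
  atLeast(min: ThreatIndex): ThreatLike[] {
    return Object.keys(this.apps)
      .map((packageName) => ({ packageName, threatIndex: this.apps[packageName] }))
      .filter((t) => RANK[t.threatIndex] >= RANK[min])
      .sort((a, b) => RANK[b.threatIndex] - RANK[a.threatIndex]);
  }

  // Hypothetical policy: block at HIGHLY_DANGEROUS or worse, warn at DANGEROUS.
  decide(): Decision {
    if (this.atLeast('HIGHLY_DANGEROUS').length > 0) return 'BLOCK';
    if (this.atLeast('DANGEROUS').length > 0) return 'WARN';
    return 'ALLOW';
  }
}

// Constructed sample events, not output from a real device.
function demo(): Decision[] {
  const inv = new ThreatInventory();
  const seen: Decision[] = [];
  const step = (apply: () => void) => { apply(); seen.push(inv.decide()); };
  step(() => inv.upsert({ packageName: 'com.example.notes', threatIndex: 'SAFE' }));
  step(() => inv.upsert({ packageName: 'com.example.overlay', threatIndex: 'DANGEROUS' }));
  step(() => inv.upsert({ packageName: 'com.example.overlay', threatIndex: 'MALWARE' }));
  step(() => inv.remove('com.example.overlay'));
  return seen; // ALLOW, WARN, BLOCK, ALLOW
}
```

In an app, `upsert` would be called from `onInstallDetected` and `onUpdateDetected`, and `remove` from `onUninstallDetected`, so the decision tracks the device state between full scans.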