T4InitS uses "init_config", T4ScanS uses "scan_config".

    {
        "init_config" :
            {
                "vdb": "C:\\vdb\\t3sigs.vdb", // path to the Virus Definition Database. Can be false to try to load the engine without VDB.
                "vdb_linux": "",              // if set, specifies the path to the Virus Definition Database for Linux. This allows to use the same config with absolute paths on windows and *nix
                "vdb_type": "default",        // it can be 'default', 'android', 'common', or 'any'. Default is ["default"]
                "vdb_log_path": "",           // path for vdb (loading) log file
                "vdb-cache": true,            // enables the VDB performance cache to be written to disk for faster load times. Default [false]
                "use-vdb-mapping": false,     // suggests to use file mappings for loading VDB. Saves some milliseconds for loading at the cost of larger working set size. Default: true on Windows x64, false otherwise
                "require-signed": false,      // disallows to load unsigned VDBs. Default [false]

                "tmp_path": "$auto",          // Sets the Temp Path. It can be '$auto', '$none', or a directory. Default: "$none"
                
                "no-tmp-crc": false,          // Disables checksum verification for already scanned files. Default [false]
                "disable_duplicate_check": false,    // if set to true, duplicated items will be scanned multiple times (useful to report all found infected items). Default [false]
                "no-cache-invalid-password": false, // Don't cache password-protected files as clean when no valid password is provided. Default [false]
                "no-cache-multivol": false,   // Don't cach parts of multivolume archives as clean. Default [false]
                "cache-leaves-only": false,   // Enables cache only on leaves of the scan tree. The use of "no-tmp-crc" overrules this. Default [false]
                "no-init-threads": false,     // Disables thread creation on T4Init. No threaded loading of the VDB. Requires explicit call to T4InitThreads() before T4ScanS() is used. Default [false]
                "no-multithreaded-loading": false, // Do not use multithreading for vdb-loading. Default [false]
                "crashdump_path": "crashdir", // directory to store crash dumps
                "time-factor": 1.0,           // scales all returned scan times by the factor value. Default is [1.0]
                
                "tmp-stream-bufsize": 0,      // Sets the amount of memory that temporary data streams can use until file maps are preferred. 0 or Default: Between 128MB and 1GB, depending on the number of threads.

                "pdf_constants": [500, 40, 10, 20971520, 314572800, 20, 1048576, 10, 4, 104857600], // array of constants for tuning pdf detection
                "js_sim_constants": [50, 40, 250000, 100, 100, 5, 9, 20, 100, 1000, 120000, 83886080, 8388608, 6291456], // array of constants for tuning the js simulator
                "dotnet_constants": [131072, 1280, 20480, 1280, 327680, 1280, 65536, 512, 512, 16777216], // array of constants for tuning dotnet analysis
                "extract_max_single_alloc": 402653184, // for tuning extraction: maximum single allocation size (must be at least 16MB)

                "sigqa":
                {
                    "enabled": true,   // if SigQA shall be activated
                    "proxy": "",     // CONNECT-supporting proxy in format "user:pass@proxy:8080"
                    "max_files": 0,  // 0 means default (20 for SDK, 300 for scanserver)
                    "timeout": 0,    // 0 means default, which is 20 minutes
                    "anonymize_names": false, // if true, the filenames are not reported
                    "disable_uploads": false, // if true, no files are uploaded in general
                    "enable_executable_uploads": false, // if true, executable files are uploaded even if uploads are didabled in general
                    //"req_folder": "", // temporary folder for sigqa
                    //"sent_folder": "", // temporary folder for sigqa
                    //"binary_name": "", // application name (unavailable in scanserver)
                    //"binary_version": 0, // application version (unavailable in scanserver)
                    //"endpoint": "" // substitute for default SigQA endpoint
                },
                
                "fastdiff": // optional: fastdiff config
                {
                    "enabled": false, // to activate the real-time signature updates from our backend
                    "proxy": "",      // CONNECT-supporting proxy in format "user:pass@proxy:8080". It must be able to keep connections alive for at least 150 seconds!
                },
                
                "ca_certificates" : [false, "ca1.crt", "ca2.crt"]       // array of CA Certificates for SigQA and FastDiff. 
                                                                        // "false" value means that the list shall be cleared (added for compatability with T4RegisterRootCA and reloading)
                                                                        // otherwise the value is treated as a filename of the root CA certificate
                                                                        // Warning: If the list is empty, any valid certificate is trusted!
                "ca_certificates_proxy" : [false, "ca1.crt", "ca2.crt"] // array of CA Certificates for the connection to the proxy.
                                                                        // "false" value means that the list shall be cleared (added for compatability with T4RegisterRootCA and reloading)
                                                                        // otherwise the value is treated as a filename of the root CA certificate
                                                                        // Warning: If the list is empty, any valid certificate is trusted!
            },
            
        "scan_config" :
            {
                "max_file_size": 128000000,  // maximal filesize to scan (in bytes). Default [infinite]
                "stream_timeout": 5,         // The timeout, in seconds, for the scan of a single item. Default [infinite]
                "global_timeout": 60,        // The global timeout, in seconds, for the scan. Default [infinite]
                "kill_timeout": 0,           // If not 0, casues the application to crash, if the scan doesn't terminate after the given amount of seconds despite setting the timeout.
                                             // It can be useful to restart the service during unexpected hangs (caused for example by faulty IO). Default [not set]
                "max_extract_size": 2000000000, // Abort the scan after this amount of extracted data is reached (approximately). If the limit is hit, returns T4_ERR_EXTRACT_LIMIT. Default [not set]
                "aggressive_memory_control": false, // Enable aggressive checking for memory exhaustion (useful when scanning large files, which might exhaust RAM/swap/HDD temp space). Default [false]

                "options":
                {    
                    "verbose_item_info": true,   // outputs verbose information about each scanned item. Default [false]
                    "filetype_names": true,      // additionally, output filetypes as names. Default [false]
                    "filetype_parents": true,    // output all parents of the filetype (only for items). Default [false]
                    "filetype_only": false,      // only detect filetype, don't scan - can be used in conjunction with option "filetype_names" and "filetype_parents". Default [false]
                    
                    "report_all_sigs": true,      // all signatures will be reported. Default [false]
                    "report_sig_item_name": false,// if report_all_sigs is set, reports the item name together with the signature. Default [false]
                    
                    "report_all_infected_items": 
                    {
                        "enabled": false,            // prints information about all found infections into "infected_items". Consider using togehter with "disable_duplicate_check". Default [false]
                        "recursive": false,          // if set, subitems of infected items are scanned and reported. Default [false]
                        "self_infected_only": false, // if set, the item is reported as infected only when it is infected by itself (i.e., no propagation to parent item happens). Default [false]
                        "standalone_only": false,    // if set, only standalone items are reported as infected
                    },
                    "disable_adware_scan": false, // disable PUA/Adware signatures. Default [false]
                    "skip_sig_name": false,       // output only sigid, not the name. Default [false]
                    "report_item": false,          // output infected item name. Default [false]
                    "report_passwords": true,     // save found passwords. Default [false]
                    
                    "disable_boot_simulation": false,  // Default [false]
                    "disable_exe32_simulation": false, // Default [false]
                    "disable_exe64_simulation": false, // Default [false]
                    "disable_js_simulation": false,    // Default [false]
                    "disable_pcode_simulation": false, // Default [false]
                    "disable_dotnet_general_simulation": false,   // Default [false]
                    "disable_dotnet_unpacking_simulation": false,   // Default [false]
					"force_js_simulation": false,      // always invoke the JS Simulator, don't use the heuristic to decide if the script needs to be simulated
                    
                    "disable_unpacking": false,        // disable scanning of archives. Default [false]
                    
                    "disable_exception_handler": false,  // disables any exception catching. Default [false]
                    "disable_sigqa": false,              // disables SigQA for this scan. Default [false]
                    "cache_timeout": false,              // cache files even if they hit timeout. Default [false]
                    "optimize_whitelists": false,        // Optimizes whitelist checks. The result can have CRC64 = 0. Default [false]
 
                },

                "passwords": ["infected", "test"], // list of passwords to try. Raises an error if T4SetPwdListCallback has been called! Default: empty.
                
                "pseudosigs":  // configures which pseudosigs to fire. Default all to [false]
                {
                    "as_mail_item": false,
                    "mz_is_suspicious": false,
                    "enc_archive_bad": false,
                    "enc_archive_bad_name": false,
                    "damaged_mz": false,
                    "autoopen_macros": false,
                    "EncDocIsBad": false
                },
                "output": // result parameters 
                {
                    "pretty": true,   // if the JSON shall be pretty-printed. Default[false]
                    "disabled": false // disables the output completely. Useful if you are only interested in calling T4IsInfected(). Default [false]
                },
                
                "input": // can optionally provide the input
                {
                    "filename": "C:\\work\\code_in_pe_header\\263224063.dll", // utf-8 encoded filename. Default [not set]
                    "fn_base64": "L3RtcC9G9vY=", // base64-encoded filename. Can be used to provide a filename with invalid characters. Overrides "filename". Default [not set]
                    "filetype": 3261, // it can be set to skip the filetype identification. Default [not set]
                },

                "items":  // allows to dump extracted items. Default: not set
                {
                    "dump_items": [],                 // it can be an array of filetypes or "all"
                    "folder": "C:\\work\\items\\",    // where to save the items
                    
                },
                
            },
    }



    Output:

    {
        "file": "filename", // utf-8 encoded filename
        "fn_base64": "", // if fn_base64 is provided in input options, the base64-encoded filename is returned here
        "result":
        {
            "crc64": filehash,        // internal hash of the scanned file
            "filetype": filetype_id,  // the integer detected filetype
            "filetype_name": "filetype_name", // in case filetype_names is true, set to the description of the filetype
            "status": "infected"/"adware"/"pseudosig"/"clean",
            
            "sigid": found_signature_id, // in case a signautre has been found, the signature id is set
            "signame": "signature name", // in case a signautre has been found and skip_sig_name is false, the signature name is written
            "infected_item": "path1==>path2==>...==>name", // in case a signautre has been found and report_item is true, the path to the infected_item is dumped

            // in case a negative indicator has been found, the details are output
            "neg_type": "whitelisted"/"known_header"/"certificate"/"cached",
            "neg_header_id": negative_header_id,
            "neg_cert": neg_cert_sha,
            
            "num_items": total_number_of_items_scanned,  // number of subitems contained in the scanned file
            "time": used_time,  // total scan time
            "error_code": error_code_on_error, // on error, set to T4_ERR_*. The most important are:
                                                // 4  = File I/O read error.
                                               // 7  = A timeout occurred in an item.
                                               // 21 = An item is password protected or the given password is invalid.
                                               // 23 = The file exceeds the max file size parameter.
                                               // 24 = This is a multi volume archive.
                                               // 25 = This is a mail bomb archive.
                                               // 28 = A global timeout occurred.

            "errors": ["error1", "error2", ...] // text description of some errors occured during scanning
            
        },
        
        "items":  // present if
                  // 1) verbose_item_info is true
                  // 2) a password has been used to decrypt the item and report_passwords is true
                  // 3) dump_items is set, and the item has been dumped to disc
        [
            {
                "id": item_id,
                "name": "item name",
                "dump": "saved_dump_file_path", //in case the item has been dumped, the file path is stored here
                "crc": item_crc64,
                "filesize": filesize,
                "runtime": execution_time, //scan time of the item

                "filetype": filetype_id,
                "filetype_desc": "filetype name", // if filetype_names is true, has the description of the filetype
                "ft_parents": [filetype1, filetype2, ...],          //if filetype_parents is true, shows all parents of the detected filetype
                "ft_parents_desc": ["filetype1", "filetype2", ...],
                "pe_machine_type": "x64/x86/arm64/arm64ec/arm64x/other", // if pe, displays the machine type of the item
                
                "status": "infected"/"adware"/"pseudosig"/"clean"/"skipped", // scan result for the item

                "statistics":
                {
                    "sigids": [ sigid1, sigid2, ... ],     // found signatures
                    "passwords": [ "pwd1", "pwd2", ... ],  // passwords which were used for decryption
                    "valid_certs": [ "sha1", ...],         // valid whitelisted certificates found
                    "invalid_certs": [ "sha1", ...],       // invalid whitelisted certificates found
                    "known": true/false,                   // set to true if the item is whitelisted 
                    
                }
            }, ...
        ],
        
        "signatures": [ //in case report_all_sigs is specified, contains all found signatures during scan
            {
                "item": item_id,   // the item id, where the signature has been found
                "item_name" : "path", // if report_sig_item_name is set, then contains the full path to the infected item
                "id": sigid,       // the signature id
                "name": "signame", // the signature name, unless skip_sig_name is true
                "type": signum/"crc"/"pseudosig", // either the signature type as number, or "crc" in case of blacklist, or "pseudosig" in case it is a pseudosig
                "adware": true/false, // set to true for adware sigs. Default: [false]
            }, ...
        ],
        "infected_items": [ //in case report_all_infected_items is specified, contains all found infected items
            {
                "item_id": item_id,   // the item id, where the signature has been found
                "item_name" : "path", // the full path to the infected item
                "sigid": sigid,       // the signature id
                "signame": "signame", // the signature name, unless skip_sig_name is true
                "type": "virus"/"adware"/"pseudosig", // infection type
            }, ...
        ],
        "whitelisted_certs": // if report_certs is set, contains the set of items which were detected to have a valid whitelisted certificate
        [
            {
                "crc": item_crc,
                "item": item_id,
                "sha": "cert_hash",
                "has_overlay": false/true // if set to true, the item has a non-signed part, which has been scanned
            }, ...
        ],
    }