Getting started with File Inspection Engine
This guide walks you through running File Inspection Engine (FIE) locally with Docker and scanning your first file via the HTTP API.
What you'll accomplish:
- Pull and run the FIE container
- Verify the engine is ready
- Submit your first file for analysis
- Understand the classification response
Prerequisites
Before you begin:
- Docker installed and running on your machine
- A ReversingLabs license file for FIE (
.lic) - Your ReversingLabs cloud credentials (username and password) for registry access
curlinstalled
Your FIE license file and cloud credentials are provided by ReversingLabs Support when your FIE subscription is activated. If you do not have them, contact support before proceeding.
Step 1: Pull the container image
Log in to the ReversingLabs container registry using your cloud username and password, then pull the FIE image:
docker login registry.reversinglabs.com
docker pull registry.reversinglabs.com/fie/file-inspection-engine:latest
Step 2: Start the container
Run FIE with your license passed as an environment variable:
docker run -d \
--name fie \
-p 8000:8000 \
-e RL_LICENSE="$(cat /path/to/rl-license.lic)" \
registry.reversinglabs.com/fie/file-inspection-engine:latest
On first start, FIE downloads its threat database. Wait for the container to become ready:
curl http://localhost:8000/readyz
When ready, this returns 200 OK. The download may take a few minutes depending on your network speed.
Step 3: Scan your first file
Submit a file for analysis using the /scan endpoint:
curl -X POST --upload-file /path/to/your/sample.exe \
http://localhost:8000/scan
FIE analyzes the file synchronously and returns a JSON verdict in the same response.
Step 4: Interpret the response
A typical response looks like:
{
"classification": "OK",
"message": "",
"errors": []
}
The classification field indicates the verdict:
| Value | Meaning |
|---|---|
OK | File is goodware or unknown — no threat detected |
malicious | File is classified as malicious |
suspicious | File shows suspicious indicators (only when paranoid mode is enabled) |
Getting additional threat details
To get threat details alongside the classification verdict, start FIE with the --with-threat-details and --add-file-type flags. The enriched response includes the threat name, platform, and file type:
{
"classification": "malicious",
"message": "",
"errors": [],
"threat_details": {
"platform": "Script",
"type": "Trojan",
"threat_name": "Script-JS.Trojan.Redirector"
},
"file_type": "Text"
}
Next steps
Now that you've scanned your first file, explore the full capabilities of FIE:
- Usage Guide — Complete API reference including all endpoints, hash lookups, status monitoring, error handling, and classification overrides
- Configuration Reference — CLI flags for core instances, timeouts, file size limits, and advanced options
- Kubernetes Deployment — Deploy FIE at scale on Kubernetes
- Air-Gapped Deployment — Offline environment setup
For troubleshooting common issues or understanding response codes, see the Usage Guide.