DEV Community

Cover image for Antivirus for File Uploads: Add Virus and Malware Scan to Any App
Andreas Wittig
Andreas Wittig

Posted on

Antivirus for File Uploads: Add Virus and Malware Scan to Any App

#security #java #webdev #javascript

As a developer, you are aware of the fact that all user input needs to be validated carefully. But, how do you ensure users and 3rd parties are not uploading files infected by viruses, trojans, ransomware, or other kinds of malware? You don't? Let me show you how to add virus and malware scanning to any app with ease.

Why?

  • Distribution Risk: Your app shouldn't be a "Patient Zero" for spreading malware to others.
  • Lateral Movement: Once a malicious file is on your server, it can be used to attack your infrastructure.
  • The Compliance "Must-Have": If you’re dealing with PCI DSS, ISO 27001, HIPAA, or SOC 2, malware scanning isn't just a good idea—it’s often a requirement.

Virus and Malware Scan API

Modern virus and malware scanning is just an API call away.

  1. User or 3rd party sends file to your app.
  2. App calls the Virus and Malware Scan API.
  3. Virus and Malware Scan API scans the file and returns the scan result.
  4. Depending on the scan result, app proceeds with quarantining/deleting or processing the file.

User uploads file, app submits a scan job, Virus and Malware Scan API scans the file and reports back the results

In the following, I will demonstrate how to use the Virus and Malware Scan API by attachmentAV.

An API key and subscription is required to access the Virus and Malware Scan API by attachmentAV. Learn more.

Scan a file with Virus and Malware Scan API

The following snippet shows how to scan a file by calling the API with curl. Replace <API_KEY_PLACEHOLDER> with your API key and @path/to/file with the path to the file that you want to scan.

curl \
  -X POST \
  -H 'x-api-key: <API_KEY_PLACEHOLDER>' \
  -H 'Content-Type: application/octet-stream' \
  -d '@path/to/file' \
  https://eu.developer.attachmentav.com/v1/scan/sync/binary
Enter fullscreen mode Exit fullscreen mode

The API responds with the following result, for example.

{"status":"clean","size":73928372,"realfiletype":"Adobe Portable Document Format (PDF)"}
Enter fullscreen mode Exit fullscreen mode

Implementing virus scanning with Java

Use the Java SDK virus-scan-sdk to integrate attachmentAV with your Java application.

The SDK is available in the Maven Central repository.

<dependency>
  <groupId>com.attachmentav</groupId>
  <artifactId>virus-scan-sdk</artifactId>
  <version>0.6.0</version>
</dependency>
Enter fullscreen mode Exit fullscreen mode

The following snippet illustrates how to send a file to the Virus and Malware Scan API. Don't forget to replace <API_KEY_PLACEHOLDER> with the API belonging to your subscription. Also replace /path/to/file with the path to the file you want to scan.

import com.attachmentav.api.AttachmentAvApi;
import com.attachmentav.client.ApiClient;
import com.attachmentav.client.ApiException;
import com.attachmentav.client.Configuration;
import com.attachmentav.model.ScanResult;
import java.io.File;

// ...

ApiClient client = Configuration.getDefaultApiClient();
client.setApiKey("<API_KEY_PLACEHOLDER>");
AttachmentAvApi api = new AttachmentAvApi();
ScanResult result = api.scanSyncBinaryPost(new File("/path/to/file"));
System.out.println("Scan Result: " + result.getStatus());
Enter fullscreen mode Exit fullscreen mode

Adding malware protection to JavaScript or TypeScript app

Java isn't for you, but you are all-in on TypeScript or JavaScript? Here you go. There's an SDK for TS/JS as well.

npm i @attachmentav/virus-scan-sdk-ts
Enter fullscreen mode Exit fullscreen mode

Find an example on how to send a file to the Virus and Malware Scan API in the following. Don't forget to replace <API_KEY_PLACEHOLDER> with the API belonging to your subscription. Also replace /path/to/file with the path to the file you want to scan.

import { AttachmentAVApi, Configuration } from '@attachmentav/virus-scan-sdk-ts';
import { readFileSync } from 'node:fs';
import { Blob } from 'node:buffer';

const config = new Configuration({
  apiKey: '<API_KEY_PLACEHOLDER>'
});

const api = new AttachmentAVApi(config);

const scanResult = await api.scanSyncBinaryPost({
  body: new Blob([readFileSync('/path/to/file')])
});
console.log('Sync binary scan result:', scanResult);
Enter fullscreen mode Exit fullscreen mode

Check files for viruses and malware with Python

Neither, Java nor JS/TS are for you. Here is my last example for all Python developers out there.

The following listing explains how to scan a file for virus and malware by using the attachmentAV SDK.

First, install the package.

pip install attachmentav-virus-malware-scan-sdk
Enter fullscreen mode Exit fullscreen mode

Next, add the following lines to your Python code. Don't forget to replace <API_KEY_PLACEHOLDER> with the API belonging to your subscription. Also replace /path/to/file with the path to the file you want to scan.

import attachmentav

configuration = attachmentav.Configuration()
configuration.api_key['apiKeyAuth'] = "<API_KEY_PLACEHOLDER>"

with attachmentav.ApiClient(configuration) as api_client:
  api_instance = attachmentav.AttachmentAVApi(api_client)

with open("/path/to/file", "rb") as file:
    file_content = file.read()
    scan_result = api_instance.scan_sync_binary_post(file_content)
    print(scan_result)
Enter fullscreen mode Exit fullscreen mode

Wrapping Up: Better Safe Than Sorry

Securing file uploads should neither be a secondary thought nor a massive infrastructure headache. Whether you are building a small MVP or scaling an enterprise platform, the Virus and Malware Scan API by attachmentAV bridges the gap between "hoping for the best" and actually being protected.

Add virus and malware protection to your app today! Get started with attachmentAV's Virus and Malware Scan API.

Top comments (0)