Malware protection
On this page
Uploadcare automatically detects infected or malicious files, preventing your users from uploading them and helping you avoid distributing such files. Turning Malware protection on will make sure your app is secure and compliant. All files are checked by ClamAV (open-source antivirus engine).
Automatically on upload
You can choose between two options:
Block and notify — the user who uploads the malicious file will see a message in the widget.
A similar error message will be returned when making an API request.
Keep — the file will be uploaded; you can review and delete infected files in the Files section by switching All files to Infected.
Set up malware protection in the Configure section of the Uploading tab.
Various malware protection options are available on the Pro plan. Virus scanning may also be applied selectively for accounts on other plans for compliance and security reasons.
Note: When malware checking is disabled, uploading malicious files from external sources (e.g., Google Drive) may still be rejected by those sources, as they may prevent downloading them without additional confirmation.
You can also configure webhook, which will send an alert when infected file is found.
Webhook event
To get the job result, you need to enable file.info_updated
in the
Webhook section of the dashboard.
After completing the processing job, the webhook will be sent to the endpoint you specified in the webhook settings.
File information in response:
"initiator": {
"type": "addon",
"detail": {
"addon_name": "uc_clamav_virus_scan",
"request_id": ":request_id",
}
},
"hook": {
...
"event": "file.info_updated",
"is_active": true,
"version": "0.7",
...
},
"uuid": ":UUID",
"is_image": false,
"is_ready": true,
"metadata": {},
"appdata": {
"uc_clamav_virus_scan": {
"data": {
"infected": true,
"infected_with": "Win.Test.EICAR_HDB-1"
},
},
...
}
json
For already uploaded files
If your application does not have a backend or uses a mobile version, you can submit the request yourself.
You can check a file for viruses with the REST API. For example, the file uploaded several months ago can be scanned using updated anti-virus databases.
Virus checking is currently available on the REST API v0.7 or higher via add-ons API.
First get your API keys.
Execute virus check on a target UUID:
curl -X POST \
-H 'Content-Type: application/json' \
-H 'Accept: application/vnd.uploadcare-v0.7+json' \
-H "Authorization: Uploadcare.Simple $YOUR_PUBLIC_KEY:$YOUR_SECRET_KEY" \
"https://api.uploadcare.com/addons/uc_clamav_virus_scan/execute/" \
-d "{\"target\": \"$UUID\"}"
bash
As a request result, you will receive REQUEST_ID
:
{
"request_id": "UUID"
}
json
You can track execution status using request_id
from previous request's
response:
curl -X GET \
-H 'Content-Type: application/json' \
-H 'Accept: application/vnd.uploadcare-v0.7+json' \
-H "Authorization: Uploadcare.Simple $YOUR_PUBLIC_KEY:$YOUR_SECRET_KEY" \
"https://api.uploadcare.com/addons/uc_clamav_virus_scan/execute/status/?request_id=$REQUEST_ID"
bash
As a request result, the file's application data will be updated
when the status is done
:
{
"status": "done"
}
json
After that, you can get a result of a virus scan by requesting
file info and looking into appdata
:
curl -H "Accept: application/vnd.uploadcare-v0.7+json" \
-H "Authorization: Uploadcare.Simple $YOUR_PUBLIC_KEY:$YOUR_SECRET_KEY" \
"https://api.uploadcare.com/files/$UUID/?include=appdata"
bash
There you will find infected
param with a true
or false
status, where false
means that file isn't infected:
{
"appdata": {
"uc_clamav_virus_scan": {
"data": {
"infected": false
}
}
}
}
json
If the file is infected, then the request result will look like this:
{
"appdata": {
"uc_clamav_virus_scan": {
"data": {
"infected": true,
"infected_with": "Win.Test.EICAR_HDB-1"
},
"datetime_created":"2022-12-20T10:11:53.291406Z",
"datetime_updated":"2022-12-20T12:18:31.465962Z",
"version":"0.105.1"
}
}
}
json
Check out REST API reference for all details.
Removal of infected files
If you need to delete an infected file, the output request should look like this:
curl -X POST \
-H 'Content-Type: application/json' \
-H 'Accept: application/vnd.uploadcare-v0.7+json' \
-H "Authorization: Uploadcare.Simple $YOUR_PUBLIC_KEY:$YOUR_SECRET_KEY" \
"https://api.uploadcare.com/addons/uc_clamav_virus_scan/execute/" \
-d "{\"params\":{\"purge_infected\":true}, \"target\":\"$UUID\"}"
bash
API integrations
You don't have to code most of the low-level API integrations. We have high-level libraries for all popular platforms:
Billing
- This feature is available on any plan. We force-scan all files for viruses when uploading, but you can additionally rescan the file with a more recent virus database.
- Learn how we charge for this operation.