Malware protection
Uploadcare automatically detects infected or malicious files, preventing your users from uploading them and helping you avoid distributing such files. Turning Malware protection on will make sure your app is secure and compliant. All files are checked by ClamAV (open-source antivirus engine).
Automatically on upload
You can choose between two options:
Block and notify — the user who uploads the malicious file will see a message in the widget.
A similar error message will be returned when making an API request.
Keep — the file will be uploaded; you can review and delete infected files in the Files section by switching All files to Infected.
Set up malware protection in the Configure section of the Uploading tab.
Various malware protection options are available on the Pro plan. Virus scanning may also be applied selectively for accounts on other plans for compliance and security reasons.
Note: When malware checking is disabled, uploading malicious files from external sources (e.g., Google Drive) may still be rejected by those sources, as they may prevent downloading them without additional confirmation.
You can also configure webhook, which will send an alert when infected file is found.
For already uploaded files
You can check a file for viruses with the REST API. For example, the file uploaded several months ago can be scanned using updated anti-virus databases.
Virus checking is currently available on the REST API v0.7 or higher via Add-Ons API.
First get your API keys.
Execute add-on on a target UUID:
curl -X POST \
-H 'Content-Type: application/json' \
-H 'Accept: application/vnd.uploadcare-v0.7+json' \
-H "Authorization: Uploadcare.Simple $YOUR_PUBLIC_KEY:$YOUR_SECRET_KEY" \
"https://api.uploadcare.com/addons/uc_clamav_virus_scan/execute/" \
-d "{\"target\": \"$UUID\"}"bashAs a request result, you will receive REQUEST_ID:
{
"request_id": "UUID"
}jsonYou can track execution status using request_id from previous request's
response:
curl -X GET \
-H 'Content-Type: application/json' \
-H 'Accept: application/vnd.uploadcare-v0.7+json' \
-H "Authorization: Uploadcare.Simple $YOUR_PUBLIC_KEY:$YOUR_SECRET_KEY" \
"https://api.uploadcare.com/addons/uc_clamav_virus_scan/execute/status/?request_id=$REQUEST_ID"bashAs a request result, the file's application data will be updated
when the status is done:
{
"status": "done"
}jsonAfter that, you can get a result of a virus scan by requesting
file info and looking into appdata:
curl -H "Accept: application/vnd.uploadcare-v0.7+json" \
-H "Authorization: Uploadcare.Simple $YOUR_PUBLIC_KEY:$YOUR_SECRET_KEY" \
"https://api.uploadcare.com/files/$UUID/?include=appdata"bashThere you will find infected param with a true
or false status, where false means that file isn't infected:
{
"appdata": {
"uc_clamav_virus_scan": {
"data": {
"infected": false
}
}
}
}jsonIf the file is infected, then the request result will look like this:
{
"appdata": {
"uc_clamav_virus_scan": {
"data": {
"infected": true,
"infected_with": "Win.Test.EICAR_HDB-1"
},
"datetime_created":"2022-12-20T10:11:53.291406Z",
"datetime_updated":"2022-12-20T12:18:31.465962Z",
"version":"0.105.1"
}
}
}jsonCheck out REST API reference for all details.
Removal of infected files
If you need to delete an infected file, the output request should look like this:
curl -X POST \
-H 'Content-Type: application/json' \
-H 'Accept: application/vnd.uploadcare-v0.7+json' \
-H "Authorization: Uploadcare.Simple $YOUR_PUBLIC_KEY:$YOUR_SECRET_KEY" \
"https://api.uploadcare.com/addons/uc_clamav_virus_scan/execute/" \
-d "{\"params\":{\"purge_infected\":true}, \"target\":\"$UUID\"}"bashAPI integrations
You don't have to code most of the low-level API integrations. We have high-level libraries for all popular platforms: