Antivirus for Java Applications - Protect Uploads from Malware
Java remains the backbone of enterprise systems, powering everything from customer portals and document management platforms to internal tools that process thousands of uploads daily. Every file that enters your application—whether it arrives through a REST endpoint, a web form, or an integration with a third-party service—is a potential carrier for viruses, trojans, or ransomware. Attackers know that many backend systems store and redistribute uploaded files without inspecting them first, turning your Java application into an unwitting distribution channel for malware. Regulatory frameworks such as GDPR, HIPAA, and SOC 2 make it clear: organizations must take active steps to validate user-uploaded files before processing or storing them.

The good news is that adding antivirus capabilities to a Java application does not require installing local scanning daemons or managing signature databases. The Virus and Malware Scan API by attachmentAV gives developers a cloud-based scanning solution powered by Sophos, one of the most trusted names in virus and malware detection. You send a file or URL over HTTPS, and the API returns a verdict—clean, infected, or unable to scan—in seconds.
About the Virus and Malware Scan API
The attachmentAV API is a Software-as-a-Service solution that lets developers integrate virus and malware protection into any application with a simple REST call. The scanning engine is powered by Sophos, providing enterprise-grade detection of viruses, malware, ransomware, and trojans. The API is available in four regions—Europe, United States, Canada, and India—and supports both synchronous and asynchronous scanning modes. You do not need to maintain any antivirus infrastructure yourself.
Prefer to run the scanning engine in your own cloud? attachmentAV also offers a self-hosted solution deployed on AWS, giving you full control over data residency and network boundaries. The rest of this guide focuses on the SaaS API.
Add the Maven Dependency
The attachmentAV Java SDK is published on Maven Central. Add it to your pom.xml to get started.
```xml
<dependency>
    <groupId>com.attachmentav</groupId>
    <artifactId>virus-scan-sdk</artifactId>
    <version>0.6.0</version>
</dependency>
```
You will need an active subscription and API key to authenticate requests. Plans are available for 10,000, 50,000, or 100,000 scans per month. Replace <API_KEY_PLACEHOLDER> in the examples below with your key.
Scan a File Upload for Viruses
The most direct way to protect your Java application is to scan each uploaded file before it reaches your storage layer. Read the file and pass it to the synchronous binary scan endpoint. The API returns the result immediately, keeping the virus scan in your request lifecycle.
```java
import com.attachmentav.api.AttachmentAvApi;
import com.attachmentav.client.ApiClient;
import com.attachmentav.client.ApiException;
import com.attachmentav.client.Configuration;
import com.attachmentav.model.ScanResult;
import java.io.File;

// ...

ApiClient client = Configuration.getDefaultApiClient();
client.setApiKey("<API_KEY_PLACEHOLDER>");

AttachmentAvApi api = new AttachmentAvApi();
ScanResult result = api.scanSyncBinaryPost(new File("/path/to/file"));
System.out.println("Scan Result: " + result.getStatus());
```
The response contains a status field: clean means no threat was found, infected means the Sophos engine flagged a virus or malware, and no means the file could not be scanned. When a file is infected, the finding field identifies the specific threat, such as a trojan or ransomware variant.
Scan a Remote URL for Malware
When your Java application processes files hosted at external URLs—webhook payloads, partner exports, or user-provided links—you can delegate the download to attachmentAV. The API fetches the file and runs the virus scan without the bytes ever touching your server.
```java
import com.attachmentav.api.AttachmentAvApi;
import com.attachmentav.client.ApiClient;
import com.attachmentav.client.ApiException;
import com.attachmentav.client.Configuration;
import com.attachmentav.model.ScanResult;
import com.attachmentav.model.SyncDownloadScanRequest;

// ...

ApiClient client = Configuration.getDefaultApiClient();
client.setApiKey("<API_KEY_PLACEHOLDER>");

AttachmentAvApi api = new AttachmentAvApi();
SyncDownloadScanRequest request = new SyncDownloadScanRequest();
request.setDownloadUrl("https://www.w3.org/WAI/ER/tests/xhtml/testfiles/resources/pdf/dummy.pdf");
ScanResult result = api.scanSyncDownloadPost(request);
System.out.println("Scan Result: " + result.getStatus());
```
This approach supports files up to 200 MB with a 60-second timeout, which covers the vast majority of document and image uploads.
Handle Large Files with Asynchronous Virus Scanning
For files that exceed the synchronous size limit or when you want to decouple virus scanning from your request handling, use the asynchronous mode. Submit a scan job with a unique trace_id, then poll the result endpoint until the scan completes. Asynchronous scanning supports files up to 5 GB.
```java
import com.attachmentav.api.AttachmentAvApi;
import com.attachmentav.client.ApiClient;
import com.attachmentav.client.ApiException;
import com.attachmentav.client.Configuration;
import com.attachmentav.model.AsyncDownloadScanRequest;
import com.attachmentav.model.ScanResult;
import java.util.UUID;

// ...

ApiClient client = Configuration.getDefaultApiClient();
client.setApiKey("<API_KEY_PLACEHOLDER>");

AttachmentAvApi api = new AttachmentAvApi();

// The trace ID ties the submitted job to the result lookup below.
String traceId = UUID.randomUUID().toString();
AsyncDownloadScanRequest request = new AsyncDownloadScanRequest();
request.setTraceId(traceId);
request.setDownloadUrl("https://www.w3.org/WAI/ER/tests/xhtml/testfiles/resources/pdf/dummy.pdf");
api.scanAsyncDownloadPost(request);
System.out.println("Async download submitted. Start to poll for scan result...");

// Poll up to 10 times, sleeping 5 seconds between attempts.
int i = 0;
while (true) {
    try {
        System.out.println('.');
        ScanResult scanResult = api.scanAsyncResultGet(traceId);
        System.out.println("Async download scan result: " + scanResult);
        System.exit(0);
    } catch (ApiException e) {
        // This loop treats a 404 as "result not available yet" and retries.
        if (e.getCode() == 404) {
            i++;
            if (i < 10) {
                Thread.sleep(5000);
            } else {
                System.err.println("Async download scan result not found");
                System.exit(1);
            }
        } else {
            // Any other API error is unexpected; propagate it.
            throw e;
        }
    }
}
```
As an alternative to polling, you can pass a callback_url when submitting the scan job. The API will POST the virus scan result directly to your endpoint once scanning is complete. See the callback documentation for payload details and signature verification.
Choosing a Response Mode for Your Java Application
| | Synchronous | Asynchronous |
|---|---|---|
| Best for | Inline upload validation | Background processing, large files |
| Max file size | 10 MB (binary), 200 MB (URL) | 5 GB |
| Timeout | 60 seconds | No limit |
| Result delivery | HTTP response | Polling or callback |
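The three status values and the 10 MB synchronous binary limit can be combined into a single fail-closed upload gate. The following is an added example, not code from the attachmentAV SDK or documentation: `UploadGate`, `Decision` and the `scanStatus` adapter are hypothetical names, and the limit is assumed to be counted as 10 * 1024 * 1024 bytes. Only a `clean` verdict releases a file; `no`, unknown values and errors keep it on hold.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.function.Function;

public class UploadGate {
    enum Decision { ACCEPT, REJECT, HOLD, DEFER_ASYNC }

    // Assumption: the 10 MB synchronous binary limit is 10 * 1024 * 1024 bytes.
    static final long SYNC_BINARY_LIMIT = 10L * 1024 * 1024;

    // scanStatus is a hypothetical adapter that returns the status string;
    // in a real service it would wrap the SDK's synchronous binary scan call.
    static Decision decide(Path file, Function<Path, String> scanStatus) {
        try {
            if (Files.size(file) > SYNC_BINARY_LIMIT) {
                // Too large for the inline scan: keep quarantined, scan asynchronously.
                return Decision.DEFER_ASYNC;
            }
            String status = scanStatus.apply(file);
            if ("clean".equals(status)) return Decision.ACCEPT;
            if ("infected".equals(status)) return Decision.REJECT;
            // "no" (could not be scanned), null or any unknown value: fail closed.
            return Decision.HOLD;
        } catch (Exception e) {
            // An API error, timeout or I/O failure must never release the file.
            return Decision.HOLD;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: a 1 KB file and a file one byte over the limit.
        Path small = Files.createTempFile("upload-", ".bin");
        Files.write(small, new byte[1024]);
        Path large = Files.createTempFile("upload-", ".bin");
        Files.write(large, new byte[(int) SYNC_BINARY_LIMIT + 1]);

        System.out.println("clean     -> " + decide(small, f -> "clean"));
        System.out.println("infected  -> " + decide(small, f -> "infected"));
        System.out.println("no        -> " + decide(small, f -> "no"));
        System.out.println("exception -> "
                + decide(small, f -> { throw new IllegalStateException("timeout"); }));
        System.out.println("oversized -> " + decide(large, f -> "clean"));

        Files.delete(small);
        Files.delete(large);
    }
}
```

Files that return `HOLD` or `DEFER_ASYNC` should stay in a location that is not served to other users until a later scan returns `clean`.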
Start Scanning Files in Your Java Application
Integrating antivirus protection into a Java application takes just a Maven dependency and a few lines of code. The Sophos-powered Virus and Malware Scan API by attachmentAV handles the heavy lifting—virus detection, malware classification, ransomware identification—so you can focus on building your application instead of managing scanning infrastructure.
Subscribe to the attachmentAV API and start protecting your Java application from malicious file uploads today.
Published on April 1, 2026 | Written by Andreas