Antivirus for Python Developers - Secure File Handling with Sophos
If your Python application accepts file uploads from users, it is only a matter of time before someone—intentionally or not—submits a file carrying a virus, trojan, or ransomware payload. Web applications built with Django or Flask, data pipelines ingesting CSV or PDF files, and automation scripts pulling attachments from emails or APIs are all vulnerable. A single infected file that slips through can propagate across your infrastructure, compromise downstream systems, or violate data protection regulations like GDPR and HIPAA. The most effective defense is to treat every incoming file as untrusted and run a virus scan before your application processes it.

This post shows Python developers how to add antivirus capabilities using the attachmentAV Virus and Malware Scan API. Rather than installing and maintaining a local scanning daemon, you make an API call over HTTPS and get back a malware verdict in seconds. The detection engine behind the API is Sophos—an industry leader in identifying viruses, trojans, ransomware, and other threats.
Install the Python SDK
The attachmentAV SDK is available on PyPI. A single pip command adds virus scanning capabilities to your Python project.
pip install attachmentav-virus-malware-scan-sdk
To authenticate with the API, you need an active subscription and API key. Three plans are available—10,000, 50,000, or 100,000 requests per month. The Setup Guide walks you through onboarding.
Scan Files Uploaded to Your Python App
The synchronous binary scan is the fastest path to malware protection. Read the uploaded file and send its contents to the API. The virus scan result is returned directly in the HTTP response, so you can accept or reject the file inline.
import attachmentav
# Authenticate with your API key
configuration = attachmentav.Configuration()
configuration.api_key['apiKeyAuth'] = "<API_KEY_PLACEHOLDER>"
with attachmentav.ApiClient(configuration) as api_client:
    api_instance = attachmentav.AttachmentAVApi(api_client)
    # Read the uploaded file as raw bytes
    with open("/path/to/file", "rb") as file:
        file_content = file.read()
    # Synchronous scan: the verdict comes back in the HTTP response
    scan_result = api_instance.scan_sync_binary_post(file_content)
    print(scan_result)
The status field in the response tells you the outcome: clean if no threat was detected, infected if the Sophos engine found a virus or malware, or no if the file could not be processed. For infected files, the finding field names the exact threat.
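The status values above translate into an accept/reject decision that fails closed. The following is an added example, not code from the attachmentAV SDK or the original post: `gate_upload` and `Verdict` are hypothetical names, and `scan` stands for any callable that returns an object with `status` and `finding` attributes, such as `api_instance.scan_sync_binary_post`.

```python
from dataclasses import dataclass
from types import SimpleNamespace
from typing import Callable

SYNC_LIMIT_BYTES = 10 * 1024 * 1024  # sync mode limit stated on this page (10 MB)


@dataclass(frozen=True)
class Verdict:
    accept: bool
    reason: str


def gate_upload(content: bytes, scan: Callable[[bytes], object]) -> Verdict:
    """Return a Verdict for an upload; only status == "clean" is accepted.

    `scan` is any callable returning an object with `status` and `finding`
    attributes (assumption: e.g. api_instance.scan_sync_binary_post).
    """
    if len(content) > SYNC_LIMIT_BYTES:
        return Verdict(False, "too large for sync scan, use async mode")
    try:
        result = scan(content)
    except Exception as exc:  # timeout, auth or quota error: never store unscanned
        return Verdict(False, f"scan error: {type(exc).__name__}")
    status = getattr(result, "status", None)
    if status == "clean":
        return Verdict(True, "clean")
    if status == "infected":
        return Verdict(False, f"infected: {getattr(result, 'finding', None)}")
    # "no" (file could not be processed) or any unexpected value: fail closed
    return Verdict(False, f"not scanned (status={status!r})")


if __name__ == "__main__":
    # Constructed stand-ins for API responses, so the example runs offline.
    for fake in (SimpleNamespace(status="clean", finding=None),
                 SimpleNamespace(status="infected", finding="Constructed-Test-Finding"),
                 SimpleNamespace(status="no", finding=None)):
        print(gate_upload(b"sample bytes", lambda _b, r=fake: r))
```

Treating `no` and scan errors as rejections keeps an unprocessable or unscanned file from being stored as if it were clean.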
Let the API Fetch and Virus Scan URLs
Sometimes the file you need to check is not on your server—it sits behind a public URL, perhaps a link shared by a user or returned by a third-party webhook. Instead of downloading untrusted content into your Python application, hand the URL to attachmentAV and let the API pull and scan it for you.
import attachmentav
# Authenticate with your API key
configuration = attachmentav.Configuration()
configuration.api_key['apiKeyAuth'] = "<API_KEY_PLACEHOLDER>"
with attachmentav.ApiClient(configuration) as api_client:
    api_instance = attachmentav.AttachmentAVApi(api_client)
    # The API downloads the file from this URL and scans it
    sync_download_scan_request = attachmentav.SyncDownloadScanRequest(
        download_url = "https://www.w3.org/WAI/ER/tests/xhtml/testfiles/resources/pdf/dummy.pdf"
    )
    scan_result = api_instance.scan_sync_download_post(sync_download_scan_request)
    print(scan_result)
This keeps the untrusted bytes off your infrastructure entirely while still giving you a reliable malware verdict.
Process Large Files Asynchronously with a Callback
For files larger than the synchronous limit or for workflows where you want virus scanning to happen in the background, use the asynchronous mode with a callback URL. Submit the scan job, and attachmentAV will POST the result to your endpoint once scanning is complete. This mode supports files up to 5 GB.
import attachmentav
# Authenticate with your API key
configuration = attachmentav.Configuration()
configuration.api_key['apiKeyAuth'] = "<API_KEY_PLACEHOLDER>"
with attachmentav.ApiClient(configuration) as api_client:
    api_instance = attachmentav.AttachmentAVApi(api_client)
    # The scan result is POSTed to callback_url once scanning is complete
    async_download_scan_request = attachmentav.AsyncDownloadScanRequest(
        download_url = "https://www.w3.org/WAI/ER/tests/xhtml/testfiles/resources/pdf/dummy.pdf",
        callback_url = "https://api.yourcompany.com/attachmentav/callback"
    )
    # Submits the job only; no verdict is returned here
    api_instance.scan_async_download_post(async_download_scan_request)
The callback payload includes the status, finding, file size, and timing information. You can also pass a trace_id and custom_data to correlate results with your internal records. See the callback documentation for signature verification details.
If you prefer polling over callbacks, pass a trace_id without a callback_url and query the GET /v1/scan/async/result endpoint until the scan completes.
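On the receiving side, the callback should release a file only when it matches a scan you actually submitted. The following is an added example, not code from the original post or the SDK: `PendingScans` is a hypothetical helper, the payload keys `trace_id` and `status` are assumed to match the field names mentioned above, and signature verification (covered by the callback documentation) must happen before `handle_callback` is called.

```python
import secrets
import time


class PendingScans:
    """Tracks files held in quarantine until their async scan result arrives."""

    def __init__(self, max_age_seconds: float = 3600.0):
        self.max_age = max_age_seconds
        self._pending = {}  # trace_id -> (file_id, submitted_at)

    def submit(self, file_id: str, now: float = None) -> str:
        """Register a file and return the unguessable trace_id to send with the job."""
        trace_id = secrets.token_urlsafe(16)
        self._pending[trace_id] = (file_id, time.time() if now is None else now)
        return trace_id

    def handle_callback(self, payload: dict, now: float = None):
        """Map a callback payload to (action, file_id). Field names are assumed.

        Call only after the callback signature has been verified.
        """
        now = time.time() if now is None else now
        trace_id = payload.get("trace_id")
        entry = self._pending.pop(trace_id, None) if isinstance(trace_id, str) else None
        if entry is None:
            return ("ignore", None)  # unknown or already-consumed trace_id
        file_id, submitted_at = entry
        if now - submitted_at > self.max_age:
            return ("quarantine", file_id)  # stale result: rescan instead of trusting it
        if payload.get("status") == "clean":
            return ("release", file_id)
        return ("quarantine", file_id)  # infected, "no", or anything unexpected


if __name__ == "__main__":
    scans = PendingScans()
    tid = scans.submit("upload-123")
    # Constructed payload; a real one also carries finding, size and timing data.
    callback = {"trace_id": tid, "status": "clean"}
    print(scans.handle_callback(callback))  # first delivery releases the file
    print(scans.handle_callback(callback))  # a replay of the same callback is ignored
```

Because each `trace_id` is consumed on first use, a replayed or forged callback cannot release a file that is still waiting for its verdict.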
What Makes the attachmentAV API Different
The Virus and Malware Scan API is more than a wrapper around a detection engine. Here is what you get as a developer:
- Sophos-powered scanning — enterprise-grade detection of viruses, malware, ransomware, and trojans, without managing signature updates.
- Four API regions — Europe, United States, Canada, and India. Pick the region closest to your infrastructure for the lowest latency.
- Sync and async modes — scan files up to 10 MB inline, or offload larger files (up to 5 GB) to the async pipeline with callbacks or polling.
- No infrastructure to manage — the API runs as a fully managed SaaS. No daemons, no containers, no maintenance windows.
Self-Hosted Option on AWS
If your compliance or data residency requirements demand that files never leave your own cloud, attachmentAV offers a self-hosted version that deploys directly into your AWS account. It provides the same scanning capabilities with full control over the environment.
Protect Your Python Application Today
Every file your application accepts is a trust decision. With the attachmentAV SDK and the Sophos-powered Virus and Malware Scan API, you can make that decision an informed one—rejecting viruses, malware, and ransomware before they ever touch your storage.
Subscribe to the attachmentAV API and add antivirus protection to your Python application in minutes.
Published on April 4, 2026 | Written by Andreas