Antivirus for TypeScript Apps - Ship Secure Code

Shipping a TypeScript application without antivirus protection for file uploads is like deploying without input validation—it works until it does not. The moment your app accepts a file from the outside world, whether through a REST API, a form submission, or a cloud storage integration, you open a channel that attackers can exploit. Malicious actors embed viruses in PDFs, hide ransomware in ZIP archives, and disguise trojans as innocent image files. A single infected upload can ripple through your system: stored in your database, served to other users, picked up by downstream services. Beyond the technical damage, unscanned files put you at risk of violating GDPR, HIPAA, or SOC 2 requirements that mandate controls on user-submitted content.

The attachmentAV Virus and Malware Scan API gives TypeScript developers a straightforward way to add antivirus protection. It is a fully managed SaaS—no antivirus daemon to install, no virus definition databases to update, no infrastructure to maintain. You call the API, it scans the file using the Sophos detection engine, and you get back a clear result. Sophos is one of the most established names in malware protection, trusted by enterprises worldwide for catching viruses, trojans, ransomware, and zero-day threats.

Quick Setup

Install the SDK from npm. It ships with TypeScript type definitions included.

npm i @attachmentav/virus-scan-sdk-ts

You will need an API key. Pick a subscription plan that matches your scanning volume—10k, 50k, or 100k requests per month—and you are set up in minutes.

Scan User-Uploaded Files for Viruses

The core use case for antivirus in any application: scan a file immediately after the user uploads it, before it reaches your storage. The synchronous binary endpoint accepts the raw file and returns the Sophos scan result within seconds.

import { AttachmentAVApi, Configuration } from '@attachmentav/virus-scan-sdk-ts';
import { readFileSync } from 'node:fs';
import { Blob } from 'node:buffer';

const config = new Configuration({
  apiKey: '<API_KEY_PLACEHOLDER>'
});

const api = new AttachmentAVApi(config);

const scanResult = await api.scanSyncBinaryPost({
  body: new Blob([readFileSync('/path/to/file')])
});

if (scanResult.status === 'infected') {
  console.error(`Malware detected: ${scanResult.finding}`);
  // reject the file
} else if (scanResult.status === 'clean') {
  console.log('File is clean, proceeding with upload');
  // store the file
}

The status field is clean, infected, or no (when the engine cannot process the file). For infected files, finding tells you the specific threat—such as a ransomware family or trojan variant. The realfiletype field reveals the actual file type detected by Sophos, regardless of the file extension the user provided.

Scan Untrusted URLs for Malware

When your TypeScript app needs to process a file from an external URL—a link submitted by a user, a download URL from a webhook, or a file shared via a third-party integration—you can offload both the download and the virus scan to the API. The untrusted content never reaches your server.

import { AttachmentAVApi, Configuration } from '@attachmentav/virus-scan-sdk-ts';

const config = new Configuration({
  apiKey: '<API_KEY_PLACEHOLDER>'
});

const api = new AttachmentAVApi(config);

const scanResult = await api.scanSyncDownloadPost({
  syncDownloadScanRequest: {
    downloadUrl: 'https://www.w3.org/WAI/ER/tests/xhtml/testfiles/resources/pdf/dummy.pdf'
  }
});
console.log('Scan result:', scanResult);

This mode handles files up to 200 MB with a 60-second timeout.

Background Virus Scanning for Large Files

Production applications often need to handle files that are too large for synchronous scanning, or you may want to decouple the virus scan from your API response time. The asynchronous mode supports files up to 5 GB. Pass a callbackUrl and attachmentAV will deliver the result to your server when the scan finishes.

import { AttachmentAVApi, Configuration } from '@attachmentav/virus-scan-sdk-ts';

const config = new Configuration({
  apiKey: '<API_KEY_PLACEHOLDER>'
});

const api = new AttachmentAVApi(config);

await api.scanAsyncDownloadPost({
  asyncDownloadScanRequest: {
    downloadUrl: 'https://www.w3.org/WAI/ER/tests/xhtml/testfiles/resources/pdf/dummy.pdf',
    callbackUrl: 'https://api.yourcompany.com/attachmentav/callback'
  }
});
console.log('Async download submitted');

The callback payload contains the status, finding, file size, and scan timing. You can verify its authenticity using the RSA-SHA256 signature included in the request headers. Full details are in the callback documentation.

If polling suits your architecture better, pass a traceId instead of a callback and query the result endpoint periodically.

Why Sophos for Virus Scanning

The attachmentAV API is powered by the Sophos detection engine. This is not a hobby scanner—Sophos is an enterprise-grade malware protection platform that detects:

• Viruses — known malware signatures across all major file types
• Ransomware — file-encrypting threats before they can execute
• Trojans — malicious payloads hidden inside legitimate-looking files
• Zero-day threats — behavioral and heuristic detection beyond signature matching

All of this runs behind a simple API call. No engine updates, no signature downloads, no operational burden on your team.

Deploy on Your Own AWS Infrastructure

For organizations that require files to stay within their own cloud boundaries, attachmentAV offers a self-hosted deployment on AWS. Same Sophos engine, same API interface, full control over the infrastructure and data flow.

Ship Your TypeScript App with Antivirus Built In

Adding antivirus protection to a TypeScript application is not a major engineering effort—it is an npm install and a handful of API calls. The attachmentAV Virus and Malware Scan API, powered by Sophos, gives you production-grade malware detection without the operational overhead of running your own scanning infrastructure.

Stop shipping without file validation. Subscribe to the attachmentAV API and protect your TypeScript app from malicious uploads.