Introducing the attachmentAV CLI: Scan Files for Malware from the Command Line

We’re excited to announce a new way to use the attachmentAV Virus and Malware Scan API: a command-line interface. The attachmentAV CLI lets you scan files for malware straight from your terminal, shell scripts, or CI pipelines — no SDK integration required.

attachmentAV CLI

Why a CLI?

We already ship SDKs for Java, Python, and JavaScript/TypeScript for embedding malware scanning into applications. But a lot of day-to-day work happens outside application code: triaging a suspicious download, checking a file before sharing it, scanning an artifact inside a shell script, or wiring a quick check into a cron job. For those workflows, pulling in an SDK is overkill. A single binary on your PATH is a better fit.

Installation

Prebuilt binaries for Linux, macOS, and Windows are attached to each GitHub release. Download the archive for your platform, extract it, and place attachmentav (or attachmentav.exe) somewhere on your PATH.

Example for Linux (x86_64):

curl -L -o attachmentav.tar.gz \
  https://github.com/widdix/attachmentav-cli/releases/latest/download/attachmentav-vX.Y.Z-x86_64-unknown-linux-gnu.tar.gz
tar -xzf attachmentav.tar.gz
sudo mv attachmentav-*/attachmentav /usr/local/bin/

On macOS, clear the quarantine attribute after extraction:

xattr -d com.apple.quarantine /path/to/attachmentav

Scan your first file

Get an API key by subscribing to the attachmentAV API and export it:

export ATTACHMENTAV_API_KEY=<your-api-key>

Scan a file by path:

attachmentav path/to/file

Or pipe data on stdin — handy for remote files you don’t want to persist to disk:

curl -s https://example.com/some-file | attachmentav

Select a regional endpoint with --region or ATTACHMENTAV_REGION (eu, us, canada, india):

attachmentav --region us path/to/file

Built for scripting

The CLI is designed for shell scripts and CI jobs. It communicates the scan result via exit codes, so you can chain it with &&, ||, or if:

  • 0 — file is clean
  • 1 — file is infected
  • 2 — error (I/O, authentication, network, or unexpected response)

A typical guard in a deployment script:

if attachmentav dist/app.zip; then
  echo "Clean — proceeding with deploy"
  ./deploy.sh
else
  echo "Scan failed or file is infected — aborting"
  exit 1
fi

Pass --json to get the raw API response instead of a human-readable status, for example when you want to extract the detected real file type or the malware finding in a downstream step.

Limits

The CLI uses the synchronous scan endpoint and is limited to files up to 10 MB. For larger files, use the asynchronous API directly via one of our SDKs or the attachmentAV GitHub Action, which automatically switches between the sync and async endpoints based on file size.

Get started

  1. Subscribe to the attachmentAV Virus and Malware Scan API to obtain an API key.
  2. Download the CLI from GitHub Releases.
  3. Export ATTACHMENTAV_API_KEY and run attachmentav path/to/file.

Full documentation: CLI help page.

Published on April 21, 2026 | Written by Andreas

Stay up-to-date

Monthly digest of security updates, new capabilities, and best practices.