Malware Scanning API: How to Scan Files for Viruses via API

If your application accepts files, you need to know whether those files are safe before you store, share, or process them. Installing and maintaining an antivirus engine on your own servers is one way to do that—but it is rarely the option developers reach for today. A malware scanning API lets you send a file to a managed service over HTTPS and get back a clean-or-infected verdict in seconds, with no engine to install, no signature databases to update, and no infrastructure to scale.

Malware Scanning API: How to Scan Files for Viruses via API

This post explains what a malware scanning API is, how it works, what to look for when choosing one, and how to scan your first file with the attachmentAV Virus and Malware Scan API.

What is a malware scanning API?

A malware scanning API is a web service that inspects files for viruses, trojans, ransomware, and other threats and returns a verdict your application can act on. Instead of running a scanning daemon yourself, you make a single HTTPS request—sending either the file’s bytes or a URL—and the service performs the detection. The result tells you whether the file is clean or infected and, when a threat is found, names it.

This model fits modern applications well: it is language-agnostic, scales automatically, and keeps the heavy, constantly-changing work of malware detection—signatures, heuristics, engine updates—on the provider’s side.

How a malware scanning API works

Most scanning APIs offer two modes:

  • Synchronous — you send the file and receive the verdict in the same request. This is ideal for real-time upload flows where you accept or reject a file inline. The attachmentAV API scans files up to 10 MB as a binary, or up to 200 MB by URL, synchronously.
  • Asynchronous — you submit the file or a URL, and the service delivers the result to a callback URL or you poll for it. This suits large files and background processing. The attachmentAV API handles files up to 5 GB asynchronously.

Here is a synchronous scan using the attachmentAV API. Send the file, read the status:

import { AttachmentAVApi, Configuration } from '@attachmentav/virus-scan-sdk-ts';

const api = new AttachmentAVApi(new Configuration({ apiKey: '<API_KEY_PLACEHOLDER>' }));

const scanResult = await api.scanSyncBinaryPost({
  body: new Blob([fileBuffer])
});

// status is 'clean', 'infected', or 'no'
if (scanResult.status === 'infected') {
  console.error(`Threat detected: ${scanResult.finding}`);
}

SDKs are available for several languages—see our guides for Python, Java, Node.js, PHP, and TypeScript—and the REST API works from any language or framework.

How to choose a malware scanning API

Not all scanning APIs are equal. A few criteria matter more than the rest:

  • Detection engine. Ask which engine actually performs detection. Some APIs hide it; others rely on the free, open-source ClamAV, whose out-of-the-box detection lags well behind commercial engines. attachmentAV is powered by Sophos—a named, enterprise-grade engine with continuously updated signatures and zero-day protection.
  • Privacy and data residency. Your files are sensitive. Check where they are processed, how long they are retained, and whether the provider shares them. attachmentAV is ISO 27001 certified and GDPR compliant, encrypts data in transit and at rest, and deletes files immediately after processing. Free, community-driven services often share submitted files—a non-starter for confidential content.
  • Regions. Latency and data residency both depend on where the scan runs. attachmentAV offers regions in Europe, the United States, Canada, India, and Australia.
  • File size and modes. Make sure both your small inline uploads and your large background files are covered—synchronous and asynchronous.
  • Self-hosted option. If files must never leave your own cloud, a self-hosted deployment matters. attachmentAV can be deployed into your own AWS account, where your data never leaves your environment.
  • Transparent pricing. Look for published, predictable pricing rather than “contact sales.” The attachmentAV plans start at a flat monthly rate.

Scan your first file

Getting started takes minutes: subscribe to the attachmentAV API to get an API key, install the SDK for your language (or call the REST endpoint directly), and send your first file. The setup guide walks through the details.

A malware scanning API turns “is this file safe?” into a single function call—so you can keep viruses, ransomware, and trojans out of your application without running antivirus infrastructure yourself.

Subscribe to the attachmentAV API and add malware scanning to your application today.


Published on July 6, 2026 | Written by Andreas

Stay up-to-date

Monthly digest of security updates, new capabilities, and best practices.