Month in Review - February 2026

We are excited to announce a new member of the family: attachmentAV for GitHub. More on that in the following. Moreover, we shipped small improvements for attachmentAV for Salesforce and the Virus and Malware Scan API.

A lake surrounded by mountains with lots of snow. The skies are cloudy.

NEW: attachmentAV for GitHub

Mitigate the risk of shipping malicious files to users by scanning delivery artifacts for viruses, trojans, ransomware, and other kinds of malware by using attachmentAV for GitHub.

The widdix/attachmentav-github-action-malware-antivirus-scan action is available now and allows you to integrate virus protection into your deployment pipelines with ease, as shown in the following example.

name: Virus Scan for GitHub Actions

on:
  push:
    branches: [ main ]

permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Scan build output for viruses
        id: scan
        uses: widdix/attachmentav-github-action-malware-antivirus-scan@v1
        with:
          local-file-path: dist/app.zip
          api-key: ${{ secrets.ATTACHMENTAV_API_KEY }}

      - name: Display scan results
        run: |
          echo "Status: ${{ steps.scan.outputs.status }}"
          if [ "${{ steps.scan.outputs.status }}" = "clean" ]; then
            echo "✓ File is clean - safe to deploy"
          fi

To learn more, check out our detailed blog post, Automate Malware Scanning in GitHub Actions with attachmentAV’s Antivirus API.

attachmentAV for Salesforce

We shipped a bug fix to all customers automatically. attachmentAV for Salesforce no longer tries to scan notes, also known as ContentNotes. Formerly, attachmentAV tried but failed to scan ContentNotes.

attachmentAV API (SaaS)

We are updating the accepted TLS version and ciphers to ensure the privacy and integrity of data sent to our API. From now on, the following versions and ciphers are supported.

TLS 1.3

  • TLS_AES_128_GCM_SHA256
  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256

TLS 1.2

  • TLS_AES_128_GCM_SHA256
  • TLS_AES_256_GCM_SHA384
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-GCM-SHA384

What’s next?

We are planning to work on new features for attachmentAV for Salesforce within the next few weeks.

Feedback

We are reliant on your feedback. Firstly, we draw our motivation from contact with our customers. Secondly, we continue to develop attachmentAV based on the requirements and wishes of our customers. We look forward to receiving your message at hello@attachmentav.com.

Published on March 3, 2026 | Written by Andreas

Stay up-to-date

Monthly digest of security updates, new capabilities, and best practices.