Protecting Your Node.js Express Application with Malware Scanning Middleware

When building web applications with Node.js and Express.js, handling user file uploads safely is critical. Every uploaded file is a potential security risk—malware, viruses, and other malicious content can compromise your infrastructure and harm your users. Before processing any uploaded file, implementing antivirus scanning is essential.

Protecting Your Node.js Express Application with Malware Scanning Middleware

The Problem: Unsecured File Uploads

Companies receive files from external sources daily through their web applications. Without proper malware detection, a single infected file can:

  • Compromise your server infrastructure
  • Spread viruses to other systems
  • Expose sensitive data
  • Damage your reputation

Traditional antivirus solutions often require complex server installations and ongoing maintenance. Modern applications need a simpler, API-driven approach to malware scanning.

The Solution: Express.js Middleware with attachmentAV API

By integrating attachmentAV’s malware scanning API directly into your Express.js middleware, you can scan files in real-time as users upload them. This approach provides immediate virus detection without the overhead of managing antivirus software on your servers.

Single File Upload with Malware Scanning

Here’s how to implement malware scanning for single file uploads in your Node.js Express application:

const express = require('express');
const multer = require('multer');
const { Readable } = require('stream');

const app = express();
const upload = multer({
  storage: multer.memoryStorage(),
  limits: { fileSize: 10 * 1024 * 1024 } // 10MB limit
});

app.post('/upload', upload.single('file'), async (req, res) => {
  if (!req.file) {
    return res.status(400).json({ error: 'No file uploaded' });
  }

  try {
    // Convert buffer to stream
    const fileStream = Readable.from(req.file.buffer);

    // Scan file with attachmentAV API
    const response = await fetch('https://eu.developer.attachmentav.com/v1/scan/sync/binary', {
      method: 'POST',
      headers: {
        'X-API-Key': process.env.ATTACHMENTAV_API_KEY,
        'Content-Type': req.file.mimetype,
        'Content-Length': req.file.size
      },
      body: fileStream,
      duplex: 'half'
    });

    if (!response.ok) {
      return res.status(500).json({
        error: 'Malware scan failed',
        status: response.status
      });
    }

    const result = await response.json();

    // Check if virus detected
    if (result.status === 'infected') {
      return res.status(400).json({
        error: 'Malware detected',
        findings: result.findings
      });
    }

    // File is clean - proceed with upload
    res.json({
      message: 'File uploaded successfully',
      filename: req.file.originalname
    });

  } catch (error) {
    res.status(500).json({ error: 'Upload failed' });
  }
});

How It Works

The middleware implementation follows a secure workflow:

  1. File Reception: Multer captures the uploaded file in memory using memoryStorage()
  2. Stream Conversion: The file buffer is converted to a readable stream
  3. API Scanning: The stream is sent to attachmentAV’s malware scanning endpoint
  4. Virus Detection: The API returns the scan status and any detected threats
  5. Response Handling: Clean files proceed; infected files are rejected immediately

This approach ensures no malicious files reach your application logic or storage systems.

Multiple File Upload Support

The example repository also demonstrates concurrent scanning of multiple files with rate limiting to prevent API throttling. When processing batch uploads, the middleware can scan multiple files simultaneously while maintaining performance and security.

For details on implementing multiple file uploads with malware detection, refer to the complete implementation on GitHub.

Key Benefits

Real-time Protection: Files are scanned synchronously before your application processes them, providing immediate antivirus protection.

API-Driven: No need to install or maintain traditional antivirus software on your servers.

Scalable: The attachmentAV API handles the computational overhead of malware detection.

Easy Integration: Simple middleware pattern fits naturally into Express.js applications.

Getting Started

To implement this malware scanning solution in your Node.js application:

  1. Sign up for an attachmentAV API key
  2. Clone the example repository: git clone https://github.com/widdix/attachmentav-example-nodejs-express-middleware
  3. Install dependencies: npm install
  4. Set your API key: ATTACHMENTAV_API_KEY="API_KEY_PLACEHOLDER" npm run serve
  5. Test the implementation at http://localhost:3000

Production Considerations

When deploying to production, enhance your middleware with:

  • File type validation to restrict allowed formats
  • Request rate limiting to prevent abuse
  • User authentication to control access
  • HTTPS enforcement for secure transmission
  • Error handling that doesn’t expose internal details

Conclusion

Protecting your Node.js Express application from malware doesn’t require complex infrastructure. By integrating attachmentAV’s API into your file upload middleware, you gain enterprise-grade virus detection with minimal code. The middleware pattern ensures every uploaded file undergoes antivirus scanning before reaching your application logic, keeping your infrastructure and users safe.

Get started today with the complete example on GitHub and add malware scanning to your Express.js application in minutes.

Published on January 26, 2026 | Written by Michael

Stay up-to-date

Monthly digest of security updates, new capabilities, and best practices.