User uploads

User-generated content is increasing user engagement and conversions. But photos, videos, and other uploads can contain malware. By implementing real-time scanning, organizations can proactively detect and neutralize malware before it causes any harm. Organizations can safeguard their systems by scanning user uploads, maintaining user trust, and securing confidential information.

Scanning user-generated content (UGC) for malware is important for several reasons:

  • Security: UGC can contain malware that can harm the system, steal sensitive information, or spread it to other users, leading to widespread security breaches.
  • Data protection: UGC may contain sensitive or confidential information, and scanning it for malware helps protect it from being compromised.
  • Reputation: UGC can spread malicious content, potentially damaging the reputation of the website, company, or organization that is hosting the content.
  • Compliance: Some industries and regulatory bodies may require scanning UGC for malware as part of their compliance requirements.
  • User trust: By scanning UGC for malware, organizations demonstrate their commitment to security and help build user trust in their systems.

Scanning UGC for malware is integral to a comprehensive security plan and helps protect systems, data, and users from potential threats.

We recommend scanning files periodically as well. The malware signature database is updated constantly, and previously clean files could be detected in the meantime. The Scan bucket at regular intervals Add-On enqueues all files from one or multiple buckets for scanning at regular intervals.

Our customers use the following options to defend against malicious user uploads in real-time:

Staging bucket (#)

The easiest way to ensure that users can download only clean files is to use two buckets—one for uploads and one for downloads. The Move Clean Files Add-On moves clean files from the staging bucket to the target bucket.

One risk to consider is that this approach does not include a periodic full bucket scan. A file that was clean when uploaded could be detected as infected by the latest signature update. If you can tolerate infected files being removed from the target bucket, you can add the Scan bucket at regular intervals Add-On.

Setup (#)

  1. Create a new S3 staging bucket to store temporary user uploads.
  2. Follow the Getting started guide (reporting part is optional).
  3. Install the Move clean files Add-On.

Application integration (#)

If you use S3 pre-signed URLs for sharing files, you can check the scan result before your application creates the pre-signed URL and returns it to the user.

Two common implementations:

  1. You can call the S3 GetObjectTagging API to get the bucketav tag with the scan result.
  2. You can store the scan results in your database and check against your database. This option also allows the possibility of notifying the file owner about infections.

Setup (#)

  1. Follow the Getting started guide (reporting part is optional).
  2. Set the DeleteInfectedFiles configuration parameter to false.
  3. Integrate the scan results into your application.

Block infected file download (#)

You can allow downloads from the public only if the file is clean using an S3 bucket policy. Therefore, you block downloads of infected and unscanned files.

Replace BUCKET_NAME with the name of your S3 bucket.

  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "bucketAVAllowClean",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject*",
    "Resource": "arn:aws:s3:::BUCKET_NAME/*",
    "Condition": {
      "StringEquals": {
        "s3:ExistingObjectTag/bucketav": "clean"

Setup (#)

  1. Follow the Getting started guide (reporting part is optional).
  2. Set the DeleteInfectedFiles configuration parameter to false.
  3. Apply the bucket policy from above to the S3 bucket.

Need more help?

Write us, and we'll get back to you as soon as we can.

Send us an email