Skip to main content

Scan files for malicious code


The system must validate that the content of the files transferred to it is free of malicious code.


  • CAPEC-17: Using Malicious Files: An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it.

  • CAPEC-23: File Content Injection: An attack of this type exploits the host's trust in executing remote content, including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the adversary and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files.

  • CAPEC-165: File Manipulation: An attacker modifies file contents or attributes (such as extensions or names) of files in a manner to cause incorrect processing by an application.

  • CAPEC-549: Local Execution of Code: An adversary installs and executes malicious code on the target system in an effort to achieve a negative technical impact.

  • CIS Controls. 2.7 Utilize Application Whitelisting: Utilize application whitelisting technology on all assets to ensure that only authorized software executes and all unauthorized software is blocked from executing on assets.

  • CWE-509: Replicating Malicious Code (Virus or Worm): Replicating malicious code, including viruses and worms, will attempt to attack other systems once it has successfully compromised the target system or software.

  • CWE-749: Exposed Dangerous Method or Function: The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

  • NERC CIP-003-8. Attachment 1. Section 5 - 5.1: Each Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more plan(s) to achieve the objective of mitigating the risk of the introduction of malicious code to low impact BES Cyber Systems. The plan(s) shall include antivirus software, or other method(s) to mitigate the introduction of malicious code.

  • OWASP-ASVS v4.0.1 V10.1 Code Integrity Controls.(10.1.1): Verify that a code analysis tool is in use that can detect potentially malicious code, such as time functions, unsafe file operations and network connections.

  • OWASP-ASVS v4.0.1 V12.4 File Storage Requirements.(12.4.2): Verify that files obtained from untrusted sources are scanned by antivirus scanners to prevent upload of known malicious content.

  • PCI DSS v3.2.1 - Requirement 5.1.1: Ensure that anti-virus programs are capable of detecting, removing, and protecting against all known types of malicious software.