Cloudinary Blog

How To Prevent Malware And Detect Infected User Uploads

How To Prevent Malware in Malicious File Upload

Social networking sites allow users to upload images or other types of files that are immediately available to other users via news feeds or notifications. In some cases, attackers spread infected files directly, but more commonly they rely on the viral effect: users who are unaware that their files are infected pass them on by sharing and collaborating with others. As a site owner or application developer, it is your responsibility to protect users and prevent these situations from occurring. Fortunately, Cloudinary makes this easier with its Metascan add-on.

Cloudinary's image management allows you to upload images, along with other files like PDFs, directly from your users’ browsers or mobile applications. While most modern image formats are fairly safe, nothing is guaranteed, and the various other file formats that users upload and share may be infected with malicious code. We want to ensure that you and your users are safe so that there's no chance of malware creeping into uploaded files. With Cloudinary's Metascan add-on, you can detect and prevent advanced known and unknown malware and threats by scanning and sanitizing your users' uploaded files.

Metascan anti-malware add-on

Brought to you by OPSWAT, Metascan is fully integrated into Cloudinary’s image management and manipulation service. While uploading images to the cloud using Cloudinary’s upload API, you can set the moderation upload API parameter to metascan in order to request to have your uploaded images and other files automatically scanned and removed if malware is detected. It’s also possible to select batches of previously uploaded files to scan using Cloudinary’s API.

With the Metascan add-on, you don't need to install any anti-malware software or build a file scanning pipeline. By simply using Cloudinary's image upload API, or Admin API for previously uploaded images, all of your images can be scanned and moderated accordingly.

Below is sample code that requests a Metascan scan of a PDF document that is being uploaded to Cloudinary.

Ruby:
Cloudinary::Uploader.upload("local_file.pdf",
  :moderation => "metascan")

PHP:
\Cloudinary\Uploader::upload("local_file.pdf",
  array("moderation" => "metascan"));

Python:
cloudinary.uploader.upload("local_file.pdf",
  moderation = "metascan")

Node.js:
cloudinary.uploader.upload("local_file.pdf",
  function(result) { console.log(result); },
  { moderation: "metascan" });

Java:
cloudinary.uploader().upload("local_file.pdf",
  ObjectUtils.asMap("moderation", "metascan"));

With this request, Metascan scans the images and files that are being uploaded with several anti-malware engines (ESET, AVG, ClamWin and Norman). Scanning is done asynchronously within seconds, meaning there is no impact on user experience. If Metascan detects malware in a file, the file is removed and the CDN cache is invalidated. The original file is stored in secondary storage, which enables you to recover it in case you want to override the Metascan results.

Additionally, you can set up notifications that let you know which files were marked as safe or rejected. You have the option of scanning your user uploaded files with Cloudinary before publishing them, allowing you to share only uploaded content that you know has gotten the green light.
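Because the scan is asynchronous, an application that wants to publish only scanned files has to hold each upload until its result arrives. The sketch below is an added example, not Cloudinary's code: a fail-closed gate driven by scan notifications. The PublishGate class and the JSON field names (notification_type, moderation_kind, moderation_status, public_id) are assumptions, and the notification is assumed to have been authenticated before it reaches the gate.

```python
import json

# The notification field names used below are assumed, not taken from the page.
FINAL_STATES = ("approved", "rejected")


class PublishGate:
    """Holds each upload back until its scan result is 'approved'."""

    def __init__(self):
        self._status = {}  # public_id -> pending | approved | rejected

    def register_upload(self, public_id):
        # The scan is asynchronous, so a fresh upload is never publishable.
        self._status[public_id] = "pending"

    def handle_notification(self, raw_body):
        """Apply one notification body; return the new status, or None if ignored."""
        try:
            msg = json.loads(raw_body)
            kind = (msg["notification_type"], msg["moderation_kind"])
        except (TypeError, ValueError, KeyError):
            return None  # not JSON, not an object, or fields missing
        if kind != ("moderation", "metascan"):
            return None
        public_id = msg.get("public_id")
        if not isinstance(public_id, str) or public_id not in self._status:
            return None  # not one of our uploads: never create entries from input
        status = msg.get("moderation_status")
        if status not in FINAL_STATES:
            return None  # unknown value: state unchanged, file stays held
        self._status[public_id] = status
        return status

    def can_publish(self, public_id):
        # Fail closed: pending, rejected and unknown files are all withheld.
        return self._status.get(public_id) == "approved"


def demo():
    gate = PublishGate()
    # Constructed sample notification body and public IDs.
    note = ('{"notification_type": "moderation", "moderation_kind": "metascan",'
            ' "moderation_status": "%s", "public_id": "%s"}')
    for pid in ("docs/report", "docs/invoice"):
        gate.register_upload(pid)
    before = gate.can_publish("docs/report")
    gate.handle_notification(note % ("approved", "docs/report"))
    gate.handle_notification(note % ("rejected", "docs/invoice"))
    return before, gate.can_publish("docs/report"), gate.can_publish("docs/invoice")
```

A later notification for the same file replaces the earlier status, so a manual override of a scan result is reflected the next time can_publish is called.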

As you can see in the screenshot below, Cloudinary’s online media library allows you to further control this process with lists of pending scan requests and of approved or rejected files, and lets you override these results if necessary. The same actions can also be performed through the API. For example, if a user reports a file that wasn’t initially found to be malicious, you can mark it as problematic with a single click or API call and remove it; likewise, you can approve a file if you think that it was mistakenly marked as containing malware. See our documentation to learn more about the Metascan add-on.

Metascan moderation queue

Final Notes

With all of the cyber threats in the world today, sharing on social networks makes malware distribution fast and dangerous. While most image formats are relatively safe, other formats, such as PDFs, are more risky. At Cloudinary, we are committed to helping you protect your users, website or web application from malware and viruses. Using Cloudinary’s Metascan add-on helps keep infected uploads away from your users and enhances overall site security.

Metascan add-on screenshot

You can try the Metascan add-on for free, just by subscribing to the free add-on plan. If you don't have a Cloudinary account yet, sign up for a free account here.

