Cloudinary Blog

How-to detect and prevent malware infected user uploads

How To Prevent Malware in Malicious File Upload

Social networking sites allow users to upload images or other types of files that are immediately available to other users via news feeds or notifications. In some cases, attackers can directly spread infected files, but more commonly, they leverage the viral effect and the fact that users are simply unaware that their files are infected through sharing and collaborating with others. As a site owner or application developer, it is your responsibility to protect users and prevent these situations from occurring. Fortunately, Cloudinary makes this easier with its Metascan add-on.

Cloudinary's image management allows you to upload images, along with other files like PDFs, directly from your users’ browsers or mobile applications. While most modern image formats are fairly safe, nothing is guaranteed, and the various other file formats that users use to upload and share may be infected with malicious code. We want to ensure that you and your users are safe so that there's no chance of malware creeping into uploaded files. With Cloudinary's Metascan add-on, you can detect and prevent advanced known and unknown malware and threats by scanning and sanitizing your users' uploaded files.

Metascan anti-malware add-on

Brought to you by OPSWAT, Metascan is fully integrated into Cloudinary’s image management and manipulation service. While uploading images to the cloud using Cloudinary’s upload API, you can set the moderation upload API parameter to metascan in order to request to have your uploaded images and other files automatically scanned and removed if malware is detected. It’s also possible to select batches of previously uploaded files to scan using Cloudinary’s API.

With the Metascan add-on, you don't need to install any anti-malware software or build a file scanning pipeline. By simply using Cloudinary's image upload API, or Admin API for previously uploaded images, all of your images can be scanned and moderated accordingly.

Below is a sample code that requests a Metascan scan of a PDF document that is being uploaded to Cloudinary.

Ruby:
Cloudinary::Uploader.upload("local_file.pdf", 
  :moderation => "metascan")
PHP:
\Cloudinary\Uploader::upload("local_file.pdf", 
  array("moderation" => "metascan"));
Python:
cloudinary.uploader.upload("local_file.pdf",
  moderation = "metascan")
Node.js:
cloudinary.uploader.upload("local_file.pdf", 
  function(result) { console.log(result); }, 
  { moderation: "metascan" });
Java:
cloudinary.uploader().upload("local_file.pdf", 
  ObjectUtils.asMap("moderation", "metascan"));

With this request, Metascan performs scans with anti-malware engines (ESet, AVG, ClaimWin and Norman) on images and files that are being uploaded. Scanning is done asynchronously within seconds, meaning there is no impact on user experience. If Metascan detects malware in a file, the file is removed and the CDN cache is invalidated. The original file is stored in secondary storage, which enables you to recover it in case you want to override the Metascan results.

Additionally, you can set up notifications that let you know which files were marked as safe or rejected. You have the option of scanning your user uploaded files with Cloudinary before publishing them, allowing you to share only uploaded content that you know has gotten the green light.

As you can see in the screenshot below, Cloudinary’s online media library allows you to further control this process with multiple lists of pending scan requests, and approved or rejected files, permitting you to override these results if necessary. These can also be performed by the API. For example, if a user reports a file that wasn’t initially found to be malicious, you can mark it as problematic with a single click or API call and remove it or approve it if you think that it was mistakenly marked as containing malware. See our documentation to learn more about the Metascan add-on.

Metascan moderation queue

Final Notes

With all of the cyber threats in the world today, sharing on social networks makes malware distribution fast and dangerous. While most image formats are relatively safe, other formats, such as PDFs, are more risky. At Cloudinary, we are committed to helping you protect your users, website or web application from malware and viruses. Using Cloudinary’s Metascan add-on prevents vulnerabilities and enhances overall site security.

Metascan add-on screenshot

You can try the Metascan add-on for free, just by subscribing to the free add-on plan. If you don't have a Cloudinary account yet, sign up for a free account here.

Recent Blog Posts

Hipcamp Optimizes Images and Improves Page Load Times With Cloudinary

When creating a website that allows campers to discover great destinations, Hipcamp put a strong emphasis on featuring high-quality images that showcased the list of beautiful locations, regardless of whether users accessed the site on a desktop, tablet, or phone. Since 2015, Hipcamp has relied on Cloudinary’s image management solution to automate cropping and image optimization, enabling instant public delivery of photos, automatic tagging based on content recognition, and faster loading of webpages. In addition, Hipcamp was able to maintain the high standards it holds for the look and feel of its website.

Read more
New Image File Format: FUIF: Why Do We Need a New Image Format

In my last post, I introduced FUIF, a new, free, and universal image format I’ve created. In this post and other follow-up pieces, I will explain the why, what, and how of FUIF.

Even though JPEG is still the most widely-used image file format on the web, it has limitations, especially the subset of the format that has been implemented in browsers and that has, therefore, become the de facto standard. Because JPEG has a relatively verbose header, it cannot be used (at least not as is) for low-quality image placeholders (LQIP), for which you need a budget of a few hundred bytes. JPEG cannot encode alpha channels (transparency); it is restricted to 8 bits per channel; and its entropy coding is no longer state of the art. Also, JPEG is not fully “responsive by design.” There is no easy way to find a file’s truncation offsets and it is limited to a 1:8 downscale (the DC coefficients). If you want to use the same file for an 8K UHD display (7,680 pixels wide) and for a smart watch (320 pixels wide), 1:8 is not enough. And finally, JPEG does not work well with nonphotographic images and cannot do fully lossless compression.

Read more
 New Image File Format: FUIF:Lossy, Lossless, and Free

I've been working to create a new image format, which I'm calling FUIF, or Free Universal Image Format. That’s a rather pretentious name, I know. But I couldn’t call it the Free Lossy Image Format (FLIF) because that acronym is not available any more (see below) and FUIF can do lossless, too, so it wouldn’t be accurate either.

Read more
Optimizing Video Streaming and Delivery: Q&A with Doug Sillars

Doug Sillars, a digital nomad and a freelance mobile-performance expert, answers questions about video streaming and delivery, website optimization, and more.

Doug Sillars, a freelance mobile-performance expert and developer advocate, is a Google Developer Expert and the author of O’Reilly’s High Performance Android Apps. Given his extensive travels across the globe—from the UK to Siberia—with his wife, kids, and 11-year-old dog, Max, he has been referred to as a “digital nomad.” So far in 2018, Doug has spoken at more than 75 meetups and conferences!

Read more