How to Scan Files for Unsafe Archives, Viruses and Malware using JavaScript

Avoiding malicious archive extraction outcomes requires powerful content verification measures in addition to the usual virus and malware scanning steps that take place in a file upload/file download process. Using the code below, you can accomplish both steps in a single API request. You can set the “allowUnsafeArchives” request Boolean to “false” to block archives with unsafe extraction outcomes while simultaneously scanning archive files (and myriad other file types) for millions of virus and malware signatures.

You can easily structure your API call by copying and pasting the following code (and you can authenticate your request with a free-tier API key, which allows 800 API calls per month):

var data = new FormData();
data.append("inputFile", fileInput.files[0], "file");
 
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function() {
     if(this.readyState === 4) {
          console.log(this.responseText);
     }
});

xhr.open("POST", "https://api.cloudmersive.com/virus/scan/file/advanced");
xhr.setRequestHeader("allowExecutables", "<boolean>");
xhr.setRequestHeader("allowInvalidFiles", "<boolean>");
xhr.setRequestHeader("allowScripts", "<boolean>");
xhr.setRequestHeader("allowPasswordProtectedFiles", "<boolean>");
xhr.setRequestHeader("allowMacros", "<boolean>");
xhr.setRequestHeader("allowXmlExternalEntities", "<boolean>");
xhr.setRequestHeader("allowInsecureDeserialization", "<boolean>");
xhr.setRequestHeader("allowHtml", "<boolean>");
xhr.setRequestHeader("restrictFileTypes", "<string>");

xhr.setRequestHeader("Apikey", "YOUR-API-KEY-HERE");

xhr.send(data);

The API response will identify more than a dozen hidden non-malware threat types, and you can configure additional boolean request parameters to customize your threat rules.