How to Scan Files for Viruses, Malware and XXE Threats in JavaScript

With the ready-to-run JavaScript code examples provided further down the page, you can easily take advantage of a free API that provides 360-degree content protection for your file upload processes. Files will be scanned in-memory for millions of virus and malware signatures, and potentially threatening content — such as XML files containing XXE vulnerabilities — will be identified immediately. Setting the “allowXmlExternalEntities” parameter to “false” will treat files containg XXE vulnerabilities the same as files containing identifiable virus or malware signatures, making it easy to sanitize your upload process in one step.

Just copy the below code examples to structure your API call:

var data = new FormData();
data.append("inputFile", fileInput.files[0], "file");
 
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function() {
     if(this.readyState === 4) {
          console.log(this.responseText);
     }
});

xhr.open("POST", "https://api.cloudmersive.com/virus/scan/file/advanced");
xhr.setRequestHeader("allowExecutables", "<boolean>");
xhr.setRequestHeader("allowInvalidFiles", "<boolean>");
xhr.setRequestHeader("allowScripts", "<boolean>");
xhr.setRequestHeader("allowPasswordProtectedFiles", "<boolean>");
xhr.setRequestHeader("allowMacros", "<boolean>");
xhr.setRequestHeader("allowXmlExternalEntities", "<boolean>");
xhr.setRequestHeader("allowInsecureDeserialization", "<boolean>");
xhr.setRequestHeader("allowHtml", "<boolean>");
xhr.setRequestHeader("restrictFileTypes", "<string>");

xhr.setRequestHeader("Apikey", "YOUR-API-KEY-HERE");

xhr.send(data);

You can now use a free-tier API key to authenticate your request (you can get one by registering a free account on the Cloudmersive website).

Just like that, you have multi-threat scanning capabilities built into your file upload process!