How to Scan PowerPoint Show (.PPSX) Files for Threats in your Node.js App
PowerPoint Show (.ppsx) files auto-start in slideshow mode, which makes them a quick and convenient presentation-sharing format. Unfortunately, that same convenience makes them a potential threat vector.
Understanding Embedded Threats in PPSX
PowerPoint Show files are capable of carrying malicious content, such as embedded scripts and malicious links, which is usually designed to trigger when the presentation is opened. Threat actors can also engineer specially crafted .ppsx files to exploit zero-day reader vulnerabilities in the viewer’s environment.
Corporate file upload portals, e-learning platforms, media submission forms, and other such business applications built in Node.js might deal with .ppsx file uploads somewhat regularly. If you’re building apps of that nature, it’s critical to scan all files (including .ppsx and all other presentation, image, or published document formats) for threats before saving, parsing, or previewing them.
Checking PPSX Content for Threats with a Free API
Thankfully, using the below code, we can integrate a robust security API into our Node.js app which handles both virus scanning and deep content verification for .ppsx and dozens of other unique file types. We can make sure insecure uploads loaded with scripts, executables, and other risky content don’t reach sensitive backend servers, where they could put unsuspecting users in harm’s way.
We can structure our API call in a few quick steps. For starters, we’ll run the below command to install the SDK:
npm install cloudmersive-virus-api-client --save
Following that, we’ll use the below snippet to initialize the API client and set our API key for authentication (we’ll need a free API key; we can get one by creating a free account on the Cloudmersive website):
var CloudmersiveVirusApiClient = require('cloudmersive-virus-api-client');
var defaultClient = CloudmersiveVirusApiClient.ApiClient.instance;
// Configure API key authorization: Apikey
var Apikey = defaultClient.authentications['Apikey'];
Apikey.apiKey = 'YOUR API KEY';
Finally, we’ll create an instance of the API, read and prepare our file input, configure our scanning options and execute our scan:
var fs = require('fs');
var apiInstance = new CloudmersiveVirusApiClient.ScanApi();
// readFileSync already returns a Buffer; wrapping its .buffer can pull in unrelated pooled bytes.
var inputFile = fs.readFileSync("C:\\temp\\inputfile"); // File | Input file to perform the operation on.
// Every allow* option is left at false (the recommended default) so risky content is blocked.
var opts = {
  'allowExecutables': false, // Boolean | Set to false to block executable files (program code) from being allowed in the input file. Default is false (recommended).
  'allowInvalidFiles': false, // Boolean | Set to false to block invalid files, such as a PDF file that is not really a valid PDF file, or a Word Document that is not a valid Word Document. Default is false (recommended).
  'allowScripts': false, // Boolean | Set to false to block script files, such as PHP files, Python scripts, and other malicious content or security threats that can be embedded in the file. Set to true to allow these file types. Default is false (recommended).
  'allowPasswordProtectedFiles': false, // Boolean | Set to false to block password protected and encrypted files, such as encrypted zip and rar files, and other files that seek to circumvent scanning through passwords. Set to true to allow these file types. Default is false (recommended).
  'allowMacros': false, // Boolean | Set to false to block macros and other threats embedded in document files, such as Word, Excel and PowerPoint embedded Macros, and other files that contain embedded content threats. Set to true to allow these file types. Default is false (recommended).
  'allowXmlExternalEntities': false, // Boolean | Set to false to block XML External Entities and other threats embedded in XML files, and other files that contain embedded content threats. Set to true to allow these file types. Default is false (recommended).
  'allowInsecureDeserialization': false, // Boolean | Set to false to block Insecure Deserialization and other threats embedded in JSON and other object serialization files, and other files that contain embedded content threats. Set to true to allow these file types. Default is false (recommended).
  'allowHtml': false, // Boolean | Set to false to block HTML input in the top level file; HTML can contain XSS, scripts, local file accesses and other threats. Set to true to allow these file types. Default is false (recommended) [for API keys created prior to the release of this feature default is true for backward compatibility].
  'restrictFileTypes': ".ppsx" // String | Specify a restricted set of file formats to allow as clean as a comma-separated list of file formats, such as .pdf,.docx,.png would allow only PDF, PNG and Word document files. All files must pass content verification against this list of file formats, if they do not, then the result will be returned as CleanResult=false. Set restrictFileTypes parameter to null or empty string to disable; default is disabled.
};
var callback = function(error, data, response) {
  if (error) {
    console.error(error);
  } else {
    // Serialize the result object so its fields (including CleanResult) are visible in the log.
    console.log('API called successfully. Returned data: ' + JSON.stringify(data));
  }
};
apiInstance.scanFileAdvanced(inputFile, opts, callback);
We can delete, quarantine, or take any other action we want on files that produce a “CleanResult”: false response. This simplifies our approach to file upload security with modest code changes to our application.
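One way to act on the scan verdict inside the callback, as an added example that is not part of the original article or the SDK: it fails closed when the scan errors or returns no verdict, and moves flagged files into a private quarantine directory. Only CleanResult is named in the article; the other response field names, the function names, and the quarantine layout are assumptions, and the sample response is constructed.

```javascript
'use strict';
const crypto = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');

// Assumed response flags (only CleanResult is named in the article).
const FINDING_FLAGS = ['ContainsExecutable', 'ContainsScript', 'ContainsMacros',
  'ContainsPasswordProtectedFile', 'ContainsInvalidFile', 'ContainsRestrictedFileFormat'];

// Fail closed: only an explicit CleanResult === true lets the upload through.
function decideUpload(error, result) {
  if (error || !result || typeof result.CleanResult !== 'boolean') {
    return { action: 'reject', reasons: ['scan-unavailable'] };
  }
  if (result.CleanResult) return { action: 'accept', reasons: [] };
  const reasons = FINDING_FLAGS.filter((flag) => result[flag] === true);
  for (const v of result.FoundViruses || []) reasons.push('virus:' + v.VirusName);
  return { action: 'quarantine', reasons: reasons.length ? reasons : ['unclean'] };
}

// Move a flagged file to a private directory under a random name, read-only,
// so nothing downstream parses or previews it under its uploaded name.
function quarantine(filePath, quarantineDir) {
  fs.mkdirSync(quarantineDir, { recursive: true, mode: 0o700 });
  const name = crypto.randomBytes(16).toString('hex') + '.quarantined';
  const dest = path.join(quarantineDir, name);
  fs.renameSync(filePath, dest);
  fs.chmodSync(dest, 0o400);
  return dest;
}

// Apply the decision to the file on disk; unscannable uploads are deleted.
function handleScan(filePath, quarantineDir, error, result) {
  const decision = decideUpload(error, result);
  if (decision.action === 'quarantine') decision.movedTo = quarantine(filePath, quarantineDir);
  if (decision.action === 'reject') fs.unlinkSync(filePath);
  return decision;
}

// Constructed sample: a placeholder upload and a constructed "unclean" response.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'upload-'));
  const upload = path.join(dir, 'deck.ppsx');
  fs.writeFileSync(upload, 'constructed placeholder bytes');
  const flagged = { CleanResult: false, ContainsMacros: true, FoundViruses: null };
  return handleScan(upload, path.join(dir, 'quarantine'), null, flagged);
}

console.log(demo());
```

In the article's callback, handleScan(pathOfUpload, quarantineDir, error, data) would replace the console.log call, with the upload written to a staging directory before the scan.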