How to Validate Excel Email Attachments and Scan for Malware in Power Automate
Email automation is one of the most powerful time-saving features Power Automate has to offer. We can, for example, create Power Automate workflows that store Excel files (or other important file types) from specific senders directly in SharePoint folders without any manual intervention.
Just like any automated workflow, however, email & Excel automation has its risks. We might store invalid or even malicious Excel files in our system if we don’t rigorously validate that content as it travels from our inbox to our SharePoint site.
Thankfully, we can thoroughly vet Excel attachments in Power Automate using a pair of Cloudmersive APIs. After the Office 365 Outlook connector retrieves Excel file bytes directly from an attachment and brings them into our Power Automate flow, the Cloudmersive Document Conversion & Virus Scan connectors can scour the Excel content for myriad errors and malware signatures.
Let’s walk through a quick example flow to see how this can work in practice.
Validate & Virus Scan Excel Attachments in Power Automate
We’ll start by building an automated cloud flow using the When a new email arrives (V3) trigger from the Office 365 Outlook connector.
We’ll configure our trigger action to run when we receive emails from one or more senders (just one in this case), and we’ll select “Yes” for both the Include Attachments and Only with Attachments stipulations. This way, our flow won’t run unless emails contain some form of attachment.
In our next step, we’ll use an Excel validation action available via the Cloudmersive Document Connector.
We can find this connector by typing “Cloudmersive” into the connector search bar and then scrolling down until we see the Document Conversion option with the green logo.
We can click “see more” to view the actions list, and we can then CTRL+F or CMD+F search Validate a Excel document (XLSX) to find the action we need.
After selecing this action, we’ll create our Document Conversion connection. We need an API key for that, and we can get one for free by visiting the Cloudmersive website & creating a free account.
Once our connection is saved, we’ll pass the Attachments Content and Attachments Name values from our Outlook trigger action as arguments into our two request parameter fields.
We’ll notice that Power Automate wraps our Validate action in a For each control on our behalf. Emails can contain multiple attachments, so we’ll perform the next few actions in our flow for each file we find attached.
The Validate action returns a body/DocumentIsValid boolean response. Using the Condition control that checks if body/DocumentIsVald == true, we can filter out invalid Excel documents at this stage.
In the False branch of our condition, we can automatically email the sender politely asking them to re-send the file if it was invalid (in this case, we used a second condition to ensure the sender ONLY receives an email if the file in question had an .xlsx extension to begin with).
In the True branch of our condition, we can now scan the Excel file for virus and malware signatures before we store the file on our SharePoint site.
We can use the Scan a file for viruses action from the Cloudmersive Virus Scan connector in this step.
This action leverages a continuously updated database of 17 million+ virus and malware signatures to check files for malicious threats.
We can then use another condition to check if the body/CleanResult boolean == true.
While it’s fine to email the sender back about invalid Excel attachments, it’s extremely important that we do NOT communicate with the email sender if our inbound attachment contains a virus; this information could aid them in subsequent attacks.
In this False branch, we can instead alert ourselves in some way. In this case, we’ve chosen to send ourselves an MS Teams alert in the FlowBot chat.
In the True branch of our condition, we’ll use a Create file action from the Sharepoint connector to save the validated & virus scanned Excel attachment on our team site.
After we save this flow, we can test it by sending ourselves an email with a few different attachments. In this case, we’ll attach an Excel file and a PDF document.
When our flow finishes running, we should find that exactly one For each scenario ended with a file saved on our SharePoint team site. In this example, our PDF was ignored.
Other attachments we may not have accounted for in our inbound email were PNG files found in our own email signature (e.g., social media icons). This is one reason why it’s important to ONLY email the sender back about invalid files containing the correct (xlsx) extension.
Conclusion
In this article, we learned how to validate Excel email attachments to check for errors and warnings, and we learned how to scan those same attachments for viruses and malware. We also learned how to handle invalid or malicious files using conditions in our Power Automate flow.
Remember to check back in on our channel for more Power Automate walkthroughs every day!
