How to Virus Scan Email Attachments before Adding to SharePoint List using Power Automate
It’s easy enough to send inbound email attachments directly to a SharePoint list using the Office 365 Outlook and SharePoint connectors in Power Automate.
When we automate a process like this, however, we may want to ensure the files we send to SharePoint are clean & secure before we put them in a widely accessible location. Inadvertently passing malicious files to a SharePoint list might quickly disseminate those files across a wide group of users.
Thankfully, we can implement a quick Virus Scan action in our Power Automate flow that checks files against a continuously updated list of 17 million virus and malware threats. When malicious files are detected, we’ll alert ourselves immediately with a MS Teams message (note: we don’t have to alert ourselves this way — this is just one example of implementing messaging services into a security workflow).
To build this flow, we’ll start by creating an Automated cloud flow that uses the When a new email arrives (V3) trigger action from the Office 365 Outlook connector.
We’ll open our trigger action and configure parameters to 1) check for emails from one or more senders (this limitation helps for testing, but we may want to expand this list later), 2) include attachments in the flow, and 3) ignore emails without attachments.
In our next step, we’ll immediately scan all the file attachments we receive from any relevant trigger email.
We’ll use the Scan a file action from the Cloudmersive Virus Scan connector to handle this step.
We’ll create our connection (this requires a free API key, which we can get by creating a free account on the Cloudmersive website), and we’ll then pass the Attachments Content value from our email trigger to the Input File parameter.
This action returns a CleanResult boolean response, and we’ll use that response in a subsequent Condition to control next steps in our flow.
We’ll check if the body/CleanResult value equals “true”, which will send clean files to the True branch of our condition.
In the True branch of our Condition, we’ll use the Create item action from the SharePoint connector to initialize the list items we’ll attach our inbound files to.
We may multiple columns in the list we choose; we’ll ignore those for now.
We’ll next use the Add Attachment action to attach clean files to each new list item.
We’ll use the Attachments Name and Attachments Content values to define each list item attachment.
In the False branch of our condition, we’ll use the Post message in a chat or channel action to send ourselves an alert about malicious files.
In this example, we’ll post the message as a Flow bot in the Chat with Flow bot. We’ll create a detailed message including the name of the attachment that triggered the CleanResult: False response.
We’ll now save our flow and run a test.
We’ll test with two files in this example — one PDF, and one PNG image.
When our flow finishes running, we’ll find our scanned files attached to new items on the target SharePoint list (we didn’t add any other column details here, so our new items appear blank except for the attached files).
Conclusion
In this walkthrough, we quickly implemented a way to scan inbound email attachments for viruses and malware before placing those attachments on new SharePoint list items.
With the Cloudmersive Advanced Scan API, we can go several steps further and scan files for content threats like macros, executables, scripts, unsafe archives, and more.
We’ll walkthrough a similar flow using the Advanced Scan iteration in another article. Don’t forget to follow this blog for more Power Automate walkthroughs!
