How to Virus Scan SharePoint List Attachments in Power Automate
Well-disguised virus- and malware-infected files can sometimes bypass antivirus policies at the edge of our network.
When that happens, those files can end up anywhere in our system. Unsuspecting users, drawn in by coercive document titles or other metadata, might find such files and share them with sensitive areas of our network, unaware that the file contents are malicious.
If one of those locations is a SharePoint list, there could be real trouble on the horizon. List admins tend to have escalated permissions, and executing malware in administrative environments can rapidly compromise entire networks.
Scan SharePoint List Attachments
Thankfully, bolstering security around our SharePoint Lists isn’t all that complicated. We can build Power Automate flows that 1) automatically retrieve file contents when they’re attached to SharePoint List items and 2) perform additional antivirus scans to double-check attachments for threats. We can use the Cloudmersive Virus Scan connector for this purpose, and we’ll walk through how to set that up now.
We’ll start by creating an Automated cloud flow and selecting the SharePoint When an item is created trigger action.
After we configure the When an item is created trigger action with our SharePoint site address and List name, we’ll add two additional SharePoint actions into our flow.
The Get attachments action retrieves file information from our List item attachments using the List item ID, and the Get attachment content action retrieves attachment file bytes using the file ID.
When we select the file ID value for our Get attachment content action, Power Automate will automatically wrap the action in an Apply to each (for each) control to account for the possibility of multiple attachments on a single List item.
Next, we’ll add a new action, and we’ll find the Cloudmersive Virus Scan connector.
We’ll select the first action on this list titled Scan a file for viruses, and we’ll then create our Cloudmersive connection. We’ll need a free API key to authorize our requests; we can get one by creating a free account on the Cloudmersive website (free API keys allow a limit of 800 API calls per month with zero commitments).
Now we’ll add response content from the Get attachment content action to the “Input File” parameter.
Now we’ll save our flow and run a quick test by creating a new List item with a file attachment on our target SharePoint List.
The “CleanResult”: true response from the Scan a file for viruses action indicates no viruses or malware were detected in the file attachment. This API identifies virus and malware threats by leveraging a variety of advanced threat detection techniques and referencing a continuously updated list of 17+ million virus and malware signatures.
We can now easily configure next steps in our flow based on the “CleanResult” response. For example, we can set up conditions to delete or quarantine infected files.
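The branching rule for that condition, sketched in Python as an added example (it is not part of the original flow or of Cloudmersive's code): release an attachment only when “CleanResult” is the literal boolean true, and quarantine on anything else, including a failed scan action or a malformed response. The function names, verdict labels and sample attachments are assumptions made for illustration; only the “CleanResult” field comes from the walkthrough above.

```python
import json

def verdict(raw_body):
    """Return (action, reason) for one scan response body (hypothetical helper)."""
    if raw_body is None:
        return "quarantine", "scan action returned no body"
    try:
        parsed = json.loads(raw_body)
    except (TypeError, ValueError):
        return "quarantine", "response is not valid JSON"
    if not isinstance(parsed, dict):
        return "quarantine", "response is not a JSON object"
    clean = parsed.get("CleanResult")
    # Only the boolean true releases a file; "true", 1, null or a
    # missing key must not be treated as a clean result.
    if clean is True:
        return "release", "CleanResult is true"
    if clean is False:
        return "quarantine", "CleanResult is false"
    return "quarantine", "CleanResult missing or not a boolean"

def triage_item(scan_bodies):
    """Mirror the Apply to each loop: one verdict per attachment.

    scan_bodies maps attachment name -> raw response body (or None when
    the scan action failed). Returns (per_file, to_quarantine).
    """
    per_file = {name: verdict(body) for name, body in scan_bodies.items()}
    to_quarantine = sorted(n for n, (action, _) in per_file.items()
                           if action != "release")
    return per_file, to_quarantine

# Constructed sample responses for one List item with four attachments.
SAMPLE = {
    "invoice.pdf": '{"CleanResult": true}',
    "macro.docm": '{"CleanResult": false}',
    "timeout.zip": None,                      # scan action failed
    "odd.bin": '{"CleanResult": "true"}',     # string, not boolean
}

if __name__ == "__main__":
    results, quarantined = triage_item(SAMPLE)
    for name, (action, reason) in results.items():
        print(f"{name}: {action} ({reason})")
    print("quarantine:", quarantined)
```

In the flow itself, this corresponds to a condition that tests for “CleanResult” equal to true and sends every other outcome to the quarantine branch.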