Malicious Upload Detection
Malicious upload detection (also known as uploaded content scanning) is a WAF security feature that scans uploaded files and identifies those containing suspicious or malicious signatures, such as malware. This provides protection against attacks on web applications that allow users to upload arbitrary file types, such as photos or videos.
Attackers can exploit these flaws to upload phishing pages that steal user data, or to execute a malicious script on the server side that downloads a backdoor or gains access to the backend database and fully compromises the system. This policy uses a simple threshold to detect potentially malicious file sizes and prevents such files from being uploaded in order to protect against these vulnerabilities.
Malicious Upload Detection: Safeguard Your Website from Threats
The default implementation of this detection relies on the open-source ClamAV antivirus engine to check uploaded files against its list of signatures for known malware and phishing attacks. It is able to handle a wide range of file formats such as images, documents and videos. The flexibility of the platform enables it to adapt to the workflows of each project and tailor the scan results according to its needs, making it highly efficient at blocking malicious files and ensuring a high level of security for users of your application.
Depending on the configuration, the scan may also identify other malicious properties of the file such as Trojans, spyware, and other suspicious behaviors. The report also includes the detection status of each engine (malware, adware, clean) as well as summary details such as engine version, positives and total, in order to assess the file’s risk.
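The size threshold and the ClamAV signature check described above can be combined in one upload gate. The following is an added example, not code from this page or from any WAF product: it speaks clamd's INSTREAM protocol directly, and the 5 MiB limit, the 127.0.0.1:3310 clamd address and all function names are assumptions.

```python
import socket
import struct

MAX_UPLOAD_BYTES = 5 * 1024 * 1024   # assumed policy threshold, not from the page
CLAMD_ADDR = ("127.0.0.1", 3310)     # assumed local clamd TCP listener


def frame_instream(data, chunk_size=8192):
    """Build a clamd INSTREAM request: command, length-prefixed chunks, zero terminator."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))                       # zero-length chunk ends the stream
    return b"".join(out)


def parse_reply(reply):
    """Map a clamd reply to (verdict, detail); anything unexpected is an error."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        return "infected", text[:-len(" FOUND")].split(": ", 1)[-1]
    if text.endswith(": OK"):
        return "clean", None
    return "error", text


def clamd_scan(data, addr=CLAMD_ADDR, timeout=10.0):
    """Send the upload to a running clamd and return its raw reply."""
    with socket.create_connection(addr, timeout=timeout) as s:
        s.sendall(frame_instream(data))
        reply = b""
        while not reply.endswith(b"\0"):
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return reply


def check_upload(data, scan=clamd_scan, max_bytes=MAX_UPLOAD_BYTES):
    """Return (allowed, reason): size threshold first, then the signature scan."""
    if len(data) > max_bytes:
        return False, "size threshold exceeded"
    try:
        verdict, detail = parse_reply(scan(data))
    except OSError as exc:
        return False, f"scanner unavailable: {exc}"  # fail closed if clamd is down
    if verdict == "clean":
        return True, "clean"
    return False, f"{verdict}: {detail}"
```

Scanner errors and unreachable scanners are treated as a block rather than a pass, so an upload is never accepted without a verdict.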