<div>
Not sure of the ToS, but you might also be able to send a copy of each file to virustotal.com?<br />
<br />
If so, then I would do that as well as, not instead of, any of the above.<br />
<br />
Alan.
</div>


Not sure of the ToS, but you might also be able to send a copy of each file to virustotal.com?

If so, then I would do that as well as, not instead of, any of the above.

Alan.

<div>
Hello,<br />
<br />
For effective multi vendor scanning you may use the Virus Total private service. For details on API integration refer the below article,<br />
<a href="https://www.virustotal.com/en/documentation/private-api/" rel="ugc">https://www.virustotal.com/en/documentation/private-api/</a><br />
<br />
Good Luck!
</div>


Hello,

For effective multi vendor scanning you may use the Virus Total private service. For details on API integration refer the below article,
https://www.virustotal.com/en/documentation/private-api/ [https://www.virustotal.com/en/documentation/private-api/]

Good Luck!

<div>
Thanks everyone for the amazing replies. My app server runs Java Enterprise Edition to communicate and send files to the database servers. I want to make sure the files are scanned as they are uploaded. Luckily I do have a NGFW already as well at my boundary to mitigate risks.
</div>


Thanks everyone for the amazing replies. My app server runs Java Enterprise Edition to communicate and send files to the database servers. I want to make sure the files are scanned as they are uploaded. Luckily I do have a NGFW already as well at my boundary to mitigate risks.

<div>
I cannot emphasize enough that just having these products are NOT security...you have to know how to configure them to protect your environment from threats. Security is not a product...its a process! Both the Gateway and Endpoint AV security services need to be configured and the DMZ needs to be locked down to only allow specific ports/services from running to Zone to Zone, e.g. WAN&gt;DMZ, DMZ&gt;LAN &amp;&nbsp;LAN&gt;DMZ.
</div>


I cannot emphasize enough that just having these products are NOT security...you have to know how to configure them to protect your environment from threats. Security is not a product...its a process! Both the Gateway and Endpoint AV security services need to be configured and the DMZ needs to be locked down to only allow specific ports/services from running to Zone to Zone, e.g. WAN>DMZ, DMZ>LAN & LAN>DMZ.

<div>
<div class="content wysiwyg-content">
I host application servers for a website and to allow users to upload documents, we need them to be scanned first by AV software. I assume I will need to find AV with some sort of API to trigger the scan. Does anyone know how to approach this problem?
</div>
</div>


I host application servers for a website and to allow users to upload documents, we need them to be scanned first by AV software. I assume I will need to find AV with some sort of API to trigger the scan. Does anyone know how to approach this problem?

Antivirus to scan document uploads?

Anti-virus software was originally developed to detect and remove computer viruses. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious layered service providers (LSPs), dialers, fraud tools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity theft (privacy), online banking attacks, social engineering techniques, Advanced Persistent Threat (APT), botnets and DDoS attacks.

Anti-Virus Apps

An application server is a software framework that provides both facilities to create applications and a server environment to run them. Most application server frameworks contain a comprehensive service layer model, acting as a set of components accessible to the software developer through an API defined by the platform itself. For Web applications, these components are usually performed in the same running environment as their web server(s), and their main job is to support the construction of dynamic pages. However, many application servers target much more than just Web page generation: they implement services like clustering, fail-over, and load-balancing.

Application Servers

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

The cyber security specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cyber security refers to the protection of personal or organizational information or information resources from unauthorized access, attacks, theft, or data damage. This includes controlling physical access to the hardware, as well as protecting against the harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

Cyber Security

Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.

Windows Server 2012

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

OS Security

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Network Security

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.