File malware scanner

Check that user uploaded files do not contain malware

High Level Overview

Uploading files containing malware is a common security exploit on websites that allows users to upload unsafe files to be later downloaded by other users. This can be prevented by scanning file contents for malware.
This implementation uses Scanii or Cloudmersive, both APIs that can be used to set up this functionality. Only one of the two is needed. In the demo page below, only the Scanii setup is functional - the Cloudmersive page would require some rework to work properly.
Filestack also has a file scanning feature that checks for malware, but the minimum price of using that plan is $359/mo as of June 2021. The Filestack implementation will not be discussed below. It may require a custom Filestack plugin that allows for triggering Filestack workflows, and a Filestack workflow which scans files for viruses.


Run mode credentials:
u: username
p: password

Technical Details

There are a few different approaches that can be used to scan files. Here they are listed in order of simplicity to implement in Bubble:
  1. 1.
    Asynchronous file scanning, sending the file URL to Scanii
  2. 2.
    Synchronous file scanning, sending the raw file content to Scanii/Cloudmersive (not implemented... need to create a plugin action that gets raw file content in order for this to work)


This implementation uses the API connector to send a request and gets the result a few moments later in a backend workflow on the Bubble app.


  • Scan file (async)
    • Takes the URL of the file that needs to be scanned and starts checking for a virus.
    • Returns an ID value that needs to be used later to check the result of the request.
  • Get scanned result (async)
    • Takes the ID of a scanned file and gets the results of the request.

Cloudmersive (not functional)

This implementation uses the API connector to send a request and gets the result in the same workflow it was run in on the app.


  • Text to clean: the text that needs to be sanitized.
  • Options (optional)
    • Send a custom JSON with options for this function. This can be used to specify a whitelist, or other options specified by the git repo.

Additional technical docs