Content Scanning
Alpha Feature
Content scanning is currently in alpha phase. This feature is under active development and may have limited availability or functionality.
Arxignis takes customer content security seriously. To reduce risk, we built a content scanning layer that inspects uploaded files for malware and viruses before they are processed in our system.
Overview
Content scanning provides:
- Malware detection - Identifies malicious software in uploaded files
- Virus scanning - Comprehensive virus detection using multiple engines
- File type validation - Ensures only safe file types are processed
- Real-time scanning - Immediate threat detection during upload
- Quarantine system - Isolates suspicious files for manual review
How It Works
Upload Process
- File Upload - Customer uploads a file to your application
- Content Scanning - File is automatically scanned for threats
- Threat Analysis - Multiple scanning engines analyze the content
- Decision - File is either approved, quarantined, or rejected
- Processing - Only clean files proceed to normal processing
Scanning Engines
Our content scanning uses multiple detection methods:
- Signature-based detection - Known malware patterns
- Heuristic analysis - Behavioral pattern recognition
- Machine learning models - AI-powered threat detection
- Sandbox analysis - Safe execution environment testing
Supported File Types
Content scanning supports a wide range of file formats:
Documents
- PDF - Portable Document Format
- DOC/DOCX - Microsoft Word documents
- XLS/XLSX - Microsoft Excel spreadsheets
- PPT/PPTX - Microsoft PowerPoint presentations
- TXT - Plain text files
- RTF - Rich Text Format
Images
- JPEG/JPG - Joint Photographic Experts Group
- PNG - Portable Network Graphics
- GIF - Graphics Interchange Format
- BMP - Bitmap images
- TIFF - Tagged Image File Format
Archives
- ZIP - Compressed archive files
- RAR - WinRAR archive format
- 7Z - 7-Zip archive format
- TAR - Tape archive format
- GZ - Gzip compressed files
Executables
- EXE - Windows executable files
- MSI - Microsoft Installer packages
- DMG - macOS disk images
- DEB - Debian package files
- RPM - Red Hat package files
API Integration
Scan File Endpoint
POST /v1/content/scan
Content-Type: multipart/form-data
Request Body:
file(form-data, required): File to scanscan_type(form-data, optional): Type of scan to perform (default: "full")
Example Request:
curl -X POST \
-H "Authorization: Bearer YOUR_API_KEY" \
-F "[email protected]" \
-F "scan_type=full" \
"https://api.arxignis.com/v1/content/scan"
Response Format
Clean File
{
"success": true,
"scan_id": "scan_123456789",
"file_name": "document.pdf",
"file_size": 1024000,
"file_type": "application/pdf",
"scan_result": "clean",
"threats_found": [],
"scan_engines": [
{
"name": "signature_scanner",
"version": "1.2.3",
"status": "clean"
},
{
"name": "heuristic_analyzer",
"version": "2.1.0",
"status": "clean"
}
],
"scan_duration_ms": 1250,
"scanned_at": "2024-12-01T15:30:00Z"
}
Infected File
{
"success": true,
"scan_id": "scan_123456790",
"file_name": "suspicious.exe",
"file_size": 2048000,
"file_type": "application/x-msdownload",
"scan_result": "infected",
"threats_found": [
{
"engine": "signature_scanner",
"threat_name": "Trojan.Generic.123456",
"severity": "high",
"description": "Generic trojan detected"
},
{
"engine": "heuristic_analyzer",
"threat_name": "Suspicious.Behavior",
"severity": "medium",
"description": "Suspicious behavior patterns detected"
}
],
"scan_engines": [
{
"name": "signature_scanner",
"version": "1.2.3",
"status": "infected"
},
{
"name": "heuristic_analyzer",
"version": "2.1.0",
"status": "suspicious"
}
],
"quarantine_id": "quarantine_789",
"scan_duration_ms": 2100,
"scanned_at": "2024-12-01T15:30:00Z"
}
Scan Results
Clean
- Status: File is safe to process
- Action: Proceed with normal file handling
- Threats: None detected
Suspicious
- Status: File shows suspicious characteristics
- Action: Additional review recommended
- Threats: Low to medium risk indicators
Infected
- Status: File contains malware or viruses
- Action: File is quarantined and blocked
- Threats: High-risk threats detected
Quarantine System
Quarantine Management
Infected files are automatically quarantined:
GET /v1/content/quarantine
GET /v1/content/quarantine/{quarantine_id}
DELETE /v1/content/quarantine/{quarantine_id}
Quarantine Response
{
"success": true,
"quarantine_id": "quarantine_789",
"file_name": "suspicious.exe",
"quarantined_at": "2024-12-01T15:30:00Z",
"threats": [
{
"threat_name": "Trojan.Generic.123456",
"severity": "high",
"description": "Generic trojan detected"
}
],
"scan_engines": ["signature_scanner", "heuristic_analyzer"],
"file_hash": "sha256:abc123...",
"expires_at": "2024-12-08T15:30:00Z"
}
Configuration
Scan Policies
Configure scanning behavior for your organization:
{
"scan_policy": {
"max_file_size_mb": 100,
"allowed_file_types": ["pdf", "docx", "jpg", "png"],
"blocked_file_types": ["exe", "bat", "cmd"],
"quarantine_duration_days": 7,
"auto_approve_clean": true,
"require_manual_review": false
}
}
Scan Types
- Quick Scan - Fast signature-based detection (default)
- Full Scan - Comprehensive analysis including heuristics
- Deep Scan - Advanced analysis with sandbox testing
Error Responses
400 Bad Request - Invalid File
{
"success": false,
"error": "Invalid file format",
"details": {
"file_type": "unsupported",
"supported_types": ["pdf", "docx", "jpg", "png"]
}
}
413 Payload Too Large
{
"success": false,
"error": "File too large",
"details": {
"file_size": 104857600,
"max_size": 104857600
}
}
429 Too Many Requests
{
"success": false,
"error": "Rate limit exceeded",
"details": {
"retry_after": 60,
"limit": "10 scans per minute"
}
}
Integration Examples
Cloudflare Worker
addEventListener('fetch', event => {
event.respondWith(handleRequest(event.request))
})
async function handleRequest(request) {
if (request.method === 'POST' && request.url.includes('/upload')) {
const formData = await request.formData()
const file = formData.get('file')
// Scan the file
const scanResponse = await fetch('https://api.arxignis.com/v1/content/scan', {
method: 'POST',
headers: {
'Authorization': 'Bearer YOUR_API_KEY'
},
body: formData
})
const scanResult = await scanResponse.json()
if (scanResult.scan_result === 'infected') {
return new Response('File rejected: malware detected', { status: 400 })
}
// Process clean file
return new Response('File uploaded successfully')
}
return fetch(request)
}
Nginx Lua
local http = require "resty.http"
local cjson = require "cjson"
local function scan_file(file_path)
local httpc = http.new()
local form_data = {
file = file_path,
scan_type = "full"
}
local res, err = httpc:request_uri("https://api.arxignis.com/v1/content/scan", {
method = "POST",
headers = {
["Authorization"] = "Bearer YOUR_API_KEY"
},
body = form_data
})
if not res then
return "error"
end
local data = cjson.decode(res.body)
return data.scan_result or "error"
end
-- In access_by_lua_block for file uploads
local scan_result = scan_file(ngx.var.request_body_file)
if scan_result == "infected" then
ngx.status = 400
ngx.say("File rejected: malware detected")
ngx.exit(400)
end
Best Practices
- Scan early - Scan files immediately upon upload
- Monitor quarantine - Regularly review quarantined files
- Update policies - Adjust scan policies based on your needs
- Handle errors gracefully - Implement fallback behavior for scan failures
- Log scan results - Keep audit trails of all scan activities
- Test regularly - Validate scanning effectiveness with test files
Limitations
Alpha Limitations
- Limited file types - Some file formats may not be supported yet
- Performance impact - Scanning adds latency to upload process
- Rate limits - Scanning is subject to API rate limits
- False positives - Some legitimate files may be flagged
Support
For questions about content scanning or to report issues:
- Documentation - Check our API documentation
- Support - Contact our support team
- Feedback - Help us improve the alpha feature