Cloudinary Blog

How-to detect and prevent malware infected user uploads

By Nadav Soferman
How to detect and prevent malware infected user uploads

Social networking sites allow users to upload images or other types of files that are immediately available to other users via news feeds or notifications. In some cases, attackers can directly spread infected files, but more commonly, they leverage the viral effect and the fact that users are simply unaware that their files are infected through sharing and collaborating with others. As a site owner or application developer, it is your responsibility to protect users and prevent these situations from occurring. Fortunately, Cloudinary makes this easier with its Metascan add-on.

Cloudinary's image management allows you to upload images, along with other files like PDFs, directly from your users’ browsers or mobile applications. While most modern image formats are fairly safe, nothing is guaranteed, and the various other file formats that users use to upload and share may be infected with malicious code. We want to ensure that you and your users are safe so that there's no chance of malware creeping into uploaded files. With Cloudinary's Metascan add-on, you can detect and prevent advanced known and unknown malware and threats by scanning and sanitizing your users' uploaded files.

Metascan anti-malware add-on

Brought to you by OPSWAT, Metascan is fully integrated into Cloudinary’s image management and manipulation service. While uploading images to the cloud using Cloudinary’s upload API, you can set the moderation upload API parameter to metascan in order to request to have your uploaded images and other files automatically scanned and removed if malware is detected. It’s also possible to select batches of previously uploaded files to scan using Cloudinary’s API.

With the Metascan add-on, you don't need to install any anti-malware software or build a file scanning pipeline. By simply using Cloudinary's image upload API, or Admin API for previously uploaded images, all of your images can be scanned and moderated accordingly.

Below is a sample code that requests a Metascan scan of a PDF document that is being uploaded to Cloudinary.

RubyPHPPythonNode.jsJavaAll
Ruby:
Copy to clipboard
Cloudinary::Uploader.upload("local_file.pdf", 
  :moderation => "metascan")
PHP:
Copy to clipboard
\Cloudinary\Uploader::upload("local_file.pdf", 
  array("moderation" => "metascan"));
Python:
Copy to clipboard
cloudinary.uploader.upload("local_file.pdf",
  moderation = "metascan")
Node.js:
Copy to clipboard
cloudinary.uploader.upload("local_file.pdf", 
  function(result) { console.log(result); }, 
  { moderation: "metascan" });
Java:
Copy to clipboard
cloudinary.uploader().upload("local_file.pdf", 
  ObjectUtils.asMap("moderation", "metascan"));

With this request, Metascan performs scans with anti-malware engines (ESet, AVG, ClaimWin and Norman) on images and files that are being uploaded. Scanning is done asynchronously within seconds, meaning there is no impact on user experience. If Metascan detects malware in a file, the file is removed and the CDN cache is invalidated. The original file is stored in secondary storage, which enables you to recover it in case you want to override the Metascan results.

Additionally, you can set up notifications that let you know which files were marked as safe or rejected. You have the option of scanning your user uploaded files with Cloudinary before publishing them, allowing you to share only uploaded content that you know has gotten the green light.

As you can see in the screenshot below, Cloudinary’s online media library allows you to further control this process with multiple lists of pending scan requests, and approved or rejected files, permitting you to override these results if necessary. These can also be performed by the API. For example, if a user reports a file that wasn’t initially found to be malicious, you can mark it as problematic with a single click or API call and remove it or approve it if you think that it was mistakenly marked as containing malware. See our documentation to learn more about the Metascan add-on.

Metascan moderation queue

Final Notes

With all of the cyber threats in the world today, sharing on social networks makes malware distribution fast and dangerous. While most image formats are relatively safe, other formats, such as PDFs, are more risky. At Cloudinary, we are committed to helping you protect your users, website or web application from malware and viruses. Using Cloudinary’s Metascan add-on prevents vulnerabilities and enhances overall site security.

Metascan add-on screenshot

You can try the Metascan add-on for free, just by subscribing to the free add-on plan. If you don't have a Cloudinary account yet, sign up for a free account here.

Recent Blog Posts

Generate Waveform Images from Audio with Cloudinary

By David Walsh
Generate Waveform Images from Audio with Cloudinary

This is a reposting of an article written by David Walsh. Check out his blog HERE!
I've been working a lot with visualizations lately, which is a far cry from your normal webpage element interaction coding; you need advanced geometry knowledge, render and performance knowledge, and much more. It's been a great learning experience but it can be challenging and isn't always an interest of all web developers. That's why we use apps and services specializing in complex tasks like Cloudinary: we need it done quickly and by a tool written by an expert.

Read more

Make All Images on Your Website Responsive in 3 Easy Steps

By Christian Nwamba
Make All Images on Your Website Responsive in 3 Easy Steps

Images are crucial to website performance, but most still don't implement responsive images. It’s not just about fitting an image on the screen, but also making the the image size relatively rational to the device. The srcset and sizes options, which are your best hit are hard to implement. Cloudinary provides an easier way, which we will discuss in this article.

Read more

The Future of Audio and Video on the Web

By Prosper Otemuyiwa
The Future of Audio and Video on the Web

Web sites and platforms are becoming increasingly media-rich. Today, approximately 62 percent of internet traffic is made up of images, with audio and video constituting a growing percentage of the bytes.

Read more

Embed Images in Email Campaigns at Scale

By Sourav Kundu
Embed Images in Email Campaigns at Scale

tl;dr

Cloudinary is a powerful image hosting solution for email marketing campaigns of any size. With features such as advanced image optimization and on-the-fly image transformation, backed by a global CDN, Cloudinary provides the base for a seamless user experience in your email campaigns leading to increased conversion and performance.

Read more

Build the Back-End For Your Own Instagram-style App with Cloudinary

By Christian Nwamba
Build the Back-End For Your Own Instagram-style App with Cloudinary

Github Repo

Managing media files (processing, storage and manipulation) is one of the biggest challenges we encounter as practical developers. These challenges include:

A great service called Cloudinary can help us overcome many of these challenges. Together with Cloudinary, let's work on solutions to these challenges and hopefully have a simpler mental model towards media management.

Read more

Build A Miniflix in 10 Minutes

By Prosper Otemuyiwa
Build A Miniflix in 10 Minutes

Developers are constantly faced with challenges of building complex products every single day. And there are constraints on the time needed to build out the features of these products.

Engineering and Product managers want to beat deadlines for projects daily. CEOs want to roll out new products as fast as possible. Entrepreneurs need their MVPs like yesterday. With this in mind, what should developers do?

Read more