Header Image Making your first antivirus scan with AttachmentScanner

Making your first antivirus scan with our API

Making your first antivirus/malware scan in Attachment Scanner was designed to be quick and easy.

You can make your scan in any web language or framework. We have examples in C#, Go, Java, NodeJS, PHP, Python, Ruby and many more on our examples page. However, we're going to start with an example on the command line using cURL and then show a Java example.

Our API can make a virus scan using either a file or the URL pointing to a file. The simplest option is to use a URL as it avoids uploading files over multipart/form-data.

In order to make the scan, you'll need to sign up for an account with our service at www.attachmentscanner.com. Once you create a scanner you'll be given two pieces of information:

Item Description
API_TOKEN The Authentication token used to identify your account to the API.
API_URL The URL of the Scanner API, this will vary depending on which cluster you created your antivirus scanner.

Now that we have our credentials we can go ahead and make a scan of our URL. The URL we're going to be scanning is the Eicar file (eicar.com - a file used to test antivirus engines, we'll be making a future blog post about this file).

So let's make our scan using the command line:

curl -i -H "Authorization: Bearer API_TOKEN" -d "url=https://www.attachmentscanner.com/eicar.com" -XPOST http://API_URL/v0.1/scans

Once we make the call to the API we'll see something like the following:

    "status": "found",
    "url": "https://www.attachmentscanner.com/eicar.com",
    "filename": "eicar.com",
    "content_length": 70,
    "md5": "e7e5fa40569514ec442bbdf755d89c2f",
    "sha256": "8b3f191819931d1f2cef7289239b5f77c00b079847b9c2636e56854d1e5eff71",
    "id": "5fd964f2-c805-41a6-bd30-8241db09730a",
    "matches": [

The JSON output shows that the antivirus found the Eicar test file as a match. The status of found means that this file is malicious (it's not it's just a test file) and you can direct your application to block this file or take any other action you deem appropriate.

Next, we'll make the same scan using Java:

OkHttpClient client = new OkHttpClient().newBuilder()
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\"url\": \"https://www.attachmentscanner.com/eicar.com\"}");
Request request = new Request.Builder()
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer AUTH_TOKEN")
Response response = client.newCall(request).execute();

The Java code creates a client to call the API, sets the content type as JSON and makes the POST request to scan for malware with the Authorization header set.

If all goes well we should see a similar result to the JSON above.

This has been a quick introduction to making a virus scan with the AttachmentScanner API. Hopefully you can get started quickly. There are much more details in our documentation and our examples. Of course we're always happy to help too, feel free to contact us if you need help.

AttachmentScanner Team