Virus scanning of uploaded files via VirusTotal API?

I realize virus scanning of files is included in the paid enterprise version, but in an age where privacy and security are becoming increasingly crucial, shouldn’t the free version also have something like that to promote free sharing of information?

I don’t know how the enterprise anti virus works, but perhaps the free version could use the VirusTotal API to check URLs of uploads and display scan results beside them?

Has this method been considered, or is there already a plugin for something like this that I’m unaware of?

1 Like

Our plugin is open source and available here: GitHub - discourse/discourse-antivirus: Scan your Discourse uploads.. It uses ClamAV

At the moment we only support it directly via our Enterprise plan because:


Echoing Kris, I’m not aware of anything outside of our ClamAV integration at the moment, but I also want to add that anyone looking for a fun plugin project to start playing with Discourse plugins, getting Discourse to use something like the VirusTotal API for uploads sounds like a good one!


I hope users like you will be banned sooner than later at VirusTotal:

You agree that you may not use or attempt to:
Copy, reproduce, alter, modify, create derivative works, publicly display, republish, upload, post, transmit, resell or distribute in any way material, information or functionalities from the Service – including, without limitation, using the Service in any way for antivirus/URL scanner testing or that could directly or indirectly harm, compete with, or otherwise hinder the antivirus industry/URL scanner industry.

1 Like

I think that the topic starter was referring to the enterprise and free versions of Discourse.

And even then, VirusTotal offers an API that is free to use, as can be read in Public vs Premium API :

The Public API, on the other hand, is a set of endpoints available for everyone to use at no cost. The only thing you need in order to use the Public API is to sign up to VirusTotal Community and obtain your API key as described in Getting started.

I don’t see how this could do any harm.