[{"data":1,"prerenderedAt":12},["ShallowReactive",2],{"$fQk4BYM3VkKLg_LvIN9WzIjA2sj_L0-ji3_3fhPM4wgU":3},{"title":4,"slug":5,"excerpt":6,"category":7,"order":8,"screens":9,"html":11},"Virus scanning","virus-scanning","How EmailConnect scans every attachment for malware before it reaches your webhook","security",15,[10],"aliases","\u003Cp>Every attachment on \u003Cstrong>Business+\u003C\u002Fstrong> plans is scanned for malware before delivery. Infected files are rejected automatically — your webhook only receives clean, verified attachments.\u003C\u002Fp>\n\u003Ch2>Powered by ClamAV\u003C\u002Fh2>\n\u003Cp>EmailConnect uses \u003Ca href=\"https:\u002F\u002Fwww.clamav.net\u002F\">ClamAV\u003C\u002Fa>, the industry-standard open-source antivirus engine. ClamAV is maintained by Cisco&#39;s Talos Intelligence Group and is trusted by millions of deployments worldwide, from mail servers to enterprise gateways.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Open source\u003C\u002Fstrong> — fully auditable, no black-box scanning\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Battle-tested\u003C\u002Fstrong> — used by major email providers, hosting companies, and enterprises\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Broad coverage\u003C\u002Fstrong> — detects viruses, trojans, ransomware, phishing payloads, and other threats\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>Virus definition updates\u003C\u002Fh2>\n\u003Cp>Virus definitions are updated automatically via ClamAV&#39;s built-in \u003Ccode>freshclam\u003C\u002Fcode> daemon. Definitions are stored persistently, so restarts don&#39;t trigger a full re-download.\u003C\u002Fp>\n\u003Cp>Updates are applied in the background without service interruption. To keep memory usage predictable during updates, new definitions are loaded sequentially rather than in parallel with the old set.\u003C\u002Fp>\n\u003Ch2>How scanning works\u003C\u002Fh2>\n\u003Col>\n\u003Cli>An email with attachments arrives at your alias\u003C\u002Fli>\n\u003Cli>Each attachment is streamed to the ClamAV daemon for scanning\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean files\u003C\u002Fstrong> are delivered normally with scan metadata in the payload\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Infected files\u003C\u002Fstrong> are rejected and excluded — no download URL is provided\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Scanning happens inline before your webhook fires. There is no separate queue or delay beyond the scan itself.\u003C\u002Fp>\n\u003Ch2>Clean file payload\u003C\u002Fh2>\n\u003Cp>Clean attachments include a \u003Ccode>virusScan\u003C\u002Fcode> object confirming the result:\u003C\u002Fp>\n\u003Cpre>\u003Ccode class=\"language-json\">{\n  &quot;filename&quot;: &quot;report.pdf&quot;,\n  &quot;contentType&quot;: &quot;application\u002Fpdf&quot;,\n  &quot;size&quot;: 48210,\n  &quot;downloadUrl&quot;: &quot;https:\u002F\u002Fapp.emailconnect.eu\u002Fattachments\u002F...\u002Fdownload&quot;,\n  &quot;virusScan&quot;: {\n    &quot;status&quot;: &quot;clean&quot;\n  }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch2>Infected file payload\u003C\u002Fh2>\n\u003Cp>Infected attachments are excluded from the payload. No download URL is provided, and the file is not stored:\u003C\u002Fp>\n\u003Cpre>\u003Ccode class=\"language-json\">{\n  &quot;filename&quot;: &quot;eicar_com.zip&quot;,\n  &quot;contentType&quot;: &quot;application\u002Fx-zip-compressed&quot;,\n  &quot;size&quot;: 184,\n  &quot;excluded&quot;: true,\n  &quot;excludeReason&quot;: &quot;virus-detected&quot;,\n  &quot;status&quot;: &quot;rejected&quot;,\n  &quot;virusScan&quot;: {\n    &quot;status&quot;: &quot;infected&quot;,\n    &quot;threat&quot;: &quot;Eicar-Test-Signature&quot;\n  }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>A top-level \u003Ccode>security.virusScan\u003C\u002Fcode> summary is included in every webhook payload with scan statistics. See the \u003Ca href=\"\u002Fhelp\u002Fwebhook-payload-reference\u002F\">webhook payload reference\u003C\u002Fa> for full field documentation.\u003C\u002Fp>\n\u003Ch2>Testing virus scanning\u003C\u002Fh2>\n\u003Cp>Send an email with the \u003Ca href=\"https:\u002F\u002Fwww.eicar.org\u002Fdownload-anti-malware-testfile\u002F\">EICAR test file\u003C\u002Fa> attached. This is a harmless industry-standard test string that every antivirus engine detects. Your webhook payload will show the attachment as rejected with threat \u003Ccode>Eicar-Test-Signature\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Ch2>Limits\u003C\u002Fh2>\n\u003Cp>Attachments up to \u003Cstrong>10 MB\u003C\u002Fstrong> are scanned. This matches the maximum email size accepted by EmailConnect.\u003C\u002Fp>\n\u003Ch2>Availability\u003C\u002Fh2>\n\u003Cp>Virus scanning is available on \u003Cstrong>Business\u003C\u002Fstrong> and \u003Cstrong>Platform\u003C\u002Fstrong> plans. On lower plans, attachments are delivered without scanning.\u003C\u002Fp>\n\u003Ch2>Related topics\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>\u003Ca href=\"\u002Fhelp\u002Fattachment-processing\u002F\">Attachment processing\u003C\u002Fa> — storage modes and attachment handling\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"\u002Fhelp\u002Fwebhook-payload-reference\u002F\">Webhook payload reference\u003C\u002Fa> — full payload field documentation\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"\u002Fhelp\u002Falias-rules\u002F\">Alias rules\u003C\u002Fa> — filter emails by attachment type\u003C\u002Fli>\n\u003C\u002Ful>\n",1781207679704]