Using Cloudmersive Virus Scan API in PHP to Secure File Uploads

This guide explains how to integrate the Cloudmersive virus‑scan API into a PHP application to efficiently detect and block malicious scripts in uploaded files, preventing XSS attacks and ensuring safe file handling with configurable security parameters.

php中文网 Courses

Attackers can exploit file uploads by embedding malicious scripts in HTML, SVG, or other files to launch cross‑site scripting (XSS) attacks. Integrating a low‑code API into the PHP upload process allows rapid detection of such threats.

When the special request parameter $allow_scripts is set to false, any file containing script tags triggers a response with CleanResult=false, the same result returned when viruses or malware signatures are found.

The API client is installed via Composer with a single command:

composer require cloudmersive/cloudmersive_virusscan_api_client

After installation, the following PHP code configures the API key, sets security options (including $allow_scripts = false), and calls scanFileAdvanced to scan the uploaded file for scripts, executables, invalid formats, macros, XML entities, insecure deserialization, and HTML content.

<?php
require_once(__DIR__ . '/vendor/autoload.php');

// Configure API key
$config = Swagger\Client\Configuration::getDefaultConfiguration()->setApiKey('Apikey', 'YOUR_API_KEY');

$apiInstance = new Swagger\Client\Api\ScanApi(new GuzzleHttp\Client(), $config);
$input_file = "/path/to/inputfile"; // path of the file to scan (e.g. the upload's tmp_name)
$allow_executables = false;
$allow_invalid_files = false;
$allow_scripts = false; // block script files
$allow_password_protected_files = false;
$allow_macros = false;
$allow_xml_external_entities = false;
$allow_insecure_deserialization = false;
$allow_html = false;
$restrict_file_types = ""; // no restriction

try {
    $result = $apiInstance->scanFileAdvanced(
        $input_file,
        $allow_executables,
        $allow_invalid_files,
        $allow_scripts,
        $allow_password_protected_files,
        $allow_macros,
        $allow_xml_external_entities,
        $allow_insecure_deserialization,
        $allow_html,
        $restrict_file_types
    );
    // Dump the full result; CleanResult is false if any blocked content was found
    print_r($result);
} catch (Exception $e) {
    echo 'Exception when calling ScanApi->scanFileAdvanced: ', $e->getMessage(), PHP_EOL;
}
?>
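
The call above only prints the scan result. The following added example (not code from the original article or from Cloudmersive) shows an upload handler that acts on CleanResult and fails closed when the scan cannot be completed. The form field name upload, the environment variable CLOUDMERSIVE_API_KEY and the storage path /var/app/uploads/ are hypothetical, and getCleanResult() is assumed to be the generated client's getter for the CleanResult field.

```php
<?php
// Added example: fail-closed upload handler built around scanFileAdvanced.
// Hypothetical names: form field "upload", env var CLOUDMERSIVE_API_KEY,
// storage directory /var/app/uploads/ (should live outside the web root).
require_once(__DIR__ . '/vendor/autoload.php');

function scan_is_clean(Swagger\Client\Api\ScanApi $api, string $path): bool
{
    try {
        // Same strict options as the article: every allow_* flag is false.
        $result = $api->scanFileAdvanced($path, false, false, false, false,
                                         false, false, false, false, "");
        // Strict comparison: a missing or null field counts as "not clean".
        // getCleanResult() is assumed to map to the CleanResult field.
        if ($result->getCleanResult() === true) {
            return true;
        }
        error_log('Upload rejected by scan: ' . print_r($result, true));
    } catch (Throwable $e) {
        // Fail closed: a timeout, quota error or bad key must not admit the file.
        error_log('Scan failed, rejecting upload: ' . $e->getMessage());
    }
    return false;
}

$file = $_FILES['upload'] ?? null;
if ($file === null || $file['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
    http_response_code(400);
    exit('Upload failed.');
}

$config = Swagger\Client\Configuration::getDefaultConfiguration()
    ->setApiKey('Apikey', getenv('CLOUDMERSIVE_API_KEY'));
$api = new Swagger\Client\Api\ScanApi(new GuzzleHttp\Client(), $config);

if (!scan_is_clean($api, $file['tmp_name'])) {
    http_response_code(422);
    exit('File rejected.');
}

// Store under a server-generated name; never reuse the client-supplied one.
$dest = '/var/app/uploads/' . bin2hex(random_bytes(16));
if (!move_uploaded_file($file['tmp_name'], $dest)) {
    http_response_code(500);
    exit('Could not store file.');
}
echo 'Upload accepted.';
```

The file stays in PHP's temporary upload location until the scan returns clean, so a rejected or unscanned file is never written to application storage.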

A free Cloudmersive API key provides up to 800 calls per month, allowing developers to block scripts, scan for viruses, and identify various content types with just a few lines of PHP code.

Written by

php中文网 Courses
