I was working on a web application over the weekend and I needed to add a feature that would allow images to be uploaded by end-users. As we all know, we should never trust content uploaded by anonymous ‘friends’ on the internet. I wanted to add malware scanning to my project, but how? In this article, I introduce a proof-of-concept project that adds the open source ClamAV antivirus scanner to a .NET Aspire system and shares connection information so that other resources can request malware scans.

The idea

I stumbled on a medium article by Jeroen Verhaeghe where the ClamAV antivirus scanner was introduced in combination with the nClam library from Ryan Hoffman.  Jeroen shows us how the ClamAV scanner can be run in a Docker container, and in reading that I thought – why not let .NET Aspire manage the container and its communications for us?

The Proof of Concept Code

ClamAV publishes a self-maintaining docker container that updates itself with latest malware definitions. We know that containers can be added to a .NET Aspire project, so I wrote a quick resource that shared an HttpEndpoint:

Now we’re talking! We can now reference a ClamAV container resource easily in our .NET Aspire AppHost project and pass it to our website like this:

We can now scan our uploaded files with the nClam library like this:

That’s pretty easy to get started with… and there’s a lot more that we can do with this to help make our public file uploads secure by default.

Get the Code!

I’ve published my sample code, showing a Blazor application uploading files to a minimal API endpoint where ClamAV inspects the content and reports back whether malware was detected. You can find it on my GitHub at https://github.com/csharpfritz/AspireAntivirus

What do you think? Is this something that I should spend some more time wrapping and making easier to use? Create an issue on the GitHub repository if there’s something I can improve or a comment below to let me know what you think.