Virus and Malware Scanner

The Virus & Malware Scanner Extension allows the developer to scan files uploaded by users so that a warning can be added for malicious content.

Before you begin

This Extension uses a third-party API service - Scanii - to scan media messages. Create an account with Scanii API Service and get your pair of API Key and Secret.

Extension settings

1. Login to CometChat and select your app.
2. Go to the Extensions section and enable the Virus and Malware Scanner extension.
3. Open the Settings for this extension.
4. Enter Scanii API Key and Scanii Secret and click on save.

How does it work?

Once the Extension is enabled for your App and the Extension Settings are saved, the recipients will receive metadata with an array of results.

The Virus Scan results will be updated later for the message and hence you need to implement the onMessageEdited listener. Please check the Edit a Message page under the Messaging section of each SDK for more details.

This can be used to show warning messages:

JSON

{
  "@injected": {
    "extensions": {
      "virus-malware-scanner": {
        "attachments": [
          {
            "data": {
              "url": "https://media.com/1646056756_400568974.mp3",
              "name": "a2.mp3",
              "size": 1519658,
              "verdict": {
                "scan_results": [],
              },
              "mimeType": "audio/mpeg",
              "extension": "mp3",
            },
            "error": null,
          },
          {
            "data": {
              "url": "https://media.com/1646056756_400568933.mp3",
              "name": "a1.mp3",
              "size": 1519658,
              "mimeType": "audio/mpeg",
              "extension": "mp3",
              "verdict": null
            },
            "error": {
              "code": "ERROR_CODE",
              "message": "Error Message",
              "devMessage": "Error message",
              "source": "ext-api"
            }
          }
        ],
        "scan_results": [],
      },
    },
  },
}

If the scan_results is an empty array, it means the message is safe.

If the virus-malware-scanner key is missing, then either the extension is not enabled or your Scanii credits are over.

info

The scan_results, to the outside of attachments are the result for the first attachment from the attachments array. This has been retained for backward compatibility only.
You can iterate over attachments array for better implementation.

Implementation

At the recipients' end, from the message object, you can fetch the metadata by calling the getMetadata() method. Using this metadata, you can fetch the Rich Media Embed.

Javascript

const metadata = message.getMetadata();
if (metadata != null) {
  const injectedObject = metadata["@injected"];
  if (injectedObject != null && injectedObject.hasOwnProperty("extensions")) {
    const extensionsObject = injectedObject["extensions"];
    if (
      extensionsObject != null &&
      extensionsObject.hasOwnProperty("virus-malware-scanner")
    ) {
      const { attachments } = extensionsObject["virus-malware-scanner"];
      for (const attachment of attachments) {
        if (!attachment.error) {
        	const { scan_results } = attachment.data.verdict;
        	// Check the other parameters as required.
        }
      }
    }
  }
}

Java

JSONObject metadata = message.getMetadata();
if (metadata != null) {
  JSONObject injectedObject = metadata.getJSONObject("@injected");
  if (injectedObject != null && injectedObject.has("extensions")) {
    JSONObject extensionsObject = injectedObject.getJSONObject("extensions");
    if (extensionsObject != null && extensionsObject.has("virus-malware-scanner"))
        {
          JSONObject tg = extensionsObject.getJSONObject("virus-malware-scanner");
      		JSONArray attachments = tg.getJSONArray("attachments");

      		for (int i = 0; i < attachments.length(); i++) {
            JSONObject attachment = attachments.getJSONObject(i);
            JSONObject error = attachment.getJSONObject("error");
            if (error == null) {
              JSONObject data = attachment.getJSONObject("data");
              JSONObject verdict = data.getJSONObject("verdict");
            	String unsafe = thumbnails.getString("scan_results");
							// Check the other parameters as required.
            }
          }
        }
    }
}

Kotlin

if (metadata != null) {
  if (metadata.has("@injected")) {
		val injected = metadata.getJSONObject("@injected")
    if (injected != null && injected.has("extensions")) {
    	val extensions = injectedJSONObject.getJSONObject("extensions")
			if (extensions != null && extensions.has("virus-malware-scanner")) {
  			val tg = extensions.getJSONObject("virus-malware-scanner")
  			val attachments = tg.getJSONArray("attachments")
				for (i in 0 until attachments.length()) {
          val attachment = attachments.getJSONObject(i)
          val error = attachment.getJSONObject("error")
          if (error == null) {
            val data = attachment.getJSONObject("data")
            val verdict = data.getJSONObject("verdict")
          	val unsafe = verdict.getString("scan_results")
            // use other parameters are required.
          }
        }
			}
		}
	}
}

Swift

if let metaData = message?.metaData , let injected = metaData["@injected"] as? [String : Any], let extensions = injected["extensions"] as? [String : Any], let attachments = extensions["virus-malware-scanner"] as? [[String : Any]] {

    for attachment in attachments {

      if let data = attachment["data"] as? [String:Any] , let verdict = data["verdict"] as? [String:any] {
    	// Check for the parameters as required.
       if let unsafe = URL(string: verdict["scan_results"] as? String) {
        // Use the url accordingly.
      }
      
      // check for attachment.error if "verdict" is null
   }
}
}