Background
Cloudmersive’s
Virus Scan API makes enterprise-grade file scanning available as a
simple cloud-based API call. Development teams can plug this API
into any workflow that handles file uploads or transfers and expect
to get high-quality protection against a wide range of serious
file-based threats.
The problem it
solves is simultaneously mundane and mission-critical. Every
business that processes digital files (e.g., web apps accepting
resumes, cloud platforms handling massive document transfers, etc.)
faces the risk that one of those files contains hidden malware. A
single infected upload can cause massive problems: ransomware
infections, data breaches, prolonged downtime, or any number of other
costly outcomes. The Advanced Virus Scan API gives enterprise
cybersecurity executives and developers the flexibility to address
that risk anywhere they see fit within their own infrastructure.
In essence, it’s
an enterprise security control condensed into an API endpoint. Like
any API, it allows developers to stay focused on their application’s
business logic while Cloudmersive handles the difficult and expensive
part: continuously maintaining an updated database of threat
signatures, state-of-the-art heuristics, and machine learning
detection models.
This review takes
a close look at the Advanced Virus Scan API’s capabilities and
performance, and it evaluates this API’s fit within
Cloudmersive’s larger product ecosystem.
Cloudmersive Services Overview
API-First Platform
Before we dive
into our Advanced Virus Scan API review, we’ll do a brief
overview of Cloudmersive services.
Cloudmersive is a
relatively young company that has built its brand around a variety of
API-driven utility services. While security is clearly the primary
focus of their business, their full catalog spans several different
verticals: file scanning, document conversion, OCR, barcode
recognition, and data validation, among others.
Across all these
services, the business model is uniform. Cloudmersive wants to take
your repetitive backend functionality, abstract it away into a
hardened environment, and expose it to you through developer-friendly
endpoints.
They’ve
certainly nailed the developer-friendly part. Accessibility is the
big draw. Documentation is clean, SDKs exist for all major
programming languages (C#, Java, Python, Node.js, Go, PHP, Ruby and
even JavaScript), and code samples are copy-paste ready. For teams
who don’t have time to build complex antivirus integrations
internally (and who does?), it’s hard to argue with a service
that just plain works via HTTPS call and API key.
The Advanced Virus Scan API
At its heart, the
API provides two scanning modes.
- Basic Scan: Signature-based; suitable for standard antivirus workflows
- Advanced Scan: Adds heuristic analysis, AI-based analysis, and structural analysis layers; Cloudmersive brands this as “360-Degree Content Verification”
Understanding Cloudmersive’s Basic and
Advanced Scanning Modes
You might notice
that so far in this review, we’ve only been referring to the
Virus Scan API in terms of its Advanced mode when a Basic
mode also exists.
Here’s why:
After doing some research into the product, I found that there’s
little reason to use only the Basic version. Both services cost the
same, and the Advanced version gives you everything the Basic version
does.
So, why doesn’t
Cloudmersive just sell the former instead of both? I can’t say
for certain, but my theory is Cloudmersive presents the Basic scan as
a separate option because it orients customers in the world of
antivirus products they already understand. Explaining what the
Advanced Virus Scan API does is a (big) mouthful of jargony
information, and those advanced capabilities might seem superfluous
at first for customers just starting their online search for
antivirus solutions.
Ironically, the
“Advanced” mode is really what differentiates the API
from competition in the antivirus space. It’s built to catch
the unique types of file-based threats that signature-only systems
frequently miss, such as disguised executables, scripts embedded deep
within MS Office documents, JavaScript buried in PDFs, malformed
archives, and all kinds of corrupted binaries designed specifically
to evade signature-only scanning engines.
Cloudmersive
clearly thinks these are the threats most likely to hurt your
enterprise in a fast-evolving threat landscape, and it’s hard
to argue with that position. Sophisticated threat actors have always
devised clever malware to stay ahead of the signature-based scanning
curve, and with the advent of black hat LLMs for speeding up unique
malware creation, it’s become much easier for less
sophisticated threat actors to do the same.
Advanced Virus Scan API Requests
Advanced Virus
Scan API requests are sent as standard multipart/form-data uploads,
and each response returns structured JSON detailing whether certain
types of threats were found, which threat rules triggered that
conclusion, and what other suspicious content might’ve been
nestled within the original file. Developers can drop this into any
file handling pipeline and expect full file scanning and file
verification functionality wrapped into one.
Deployment & Integration
Primary Deployment Options
The API can be
consumed in three primary ways:
| Integration Option | Description |
| --- | --- |
| Public Cloud Deployment | Hosted entirely by Cloudmersive. Teams get immediate API access with zero setup. Ideal for small to midsize applications. Drawbacks are consistent with any shared cloud infrastructure. |
| Private Cloud Deployment | Dedicated single-tenant infrastructure. Ideal for organizations requiring stronger isolation and compliance guarantees. Can be enterprise-hosted in AWS, Azure, GCP, etc., or on-premises. |
| Managed Instance Deployment | Cloudmersive handles provisioning, scaling, and updates while the customer retains dedicated hardware and configuration control. A heavily abstracted option for large enterprises that prefer interacting via Cloudmersive’s management portal. |
As mentioned
before, connectivity is handled over HTTPS with API key
authentication in all cases. There’s no requirement to manage
updates to scanning engines or cluster nodes; Cloudmersive handles
that continuously in the background.
Integration with Cloudmersive Security Products
It’s worth
noting that the Advanced Virus Scan API is used in most of Cloudmersive’s
flagship security products, including their virus-scanning forward or
reverse proxy server, their cloud storage virus-scanning solution,
and their virus-scanning ICAP server. There’s no formal API
integration involved here; these products are powered by the
Advanced Virus Scan API as their primary security engine (they aren’t
necessarily limited to virus scanning, however – these products
can also be configured to call Cloudmersive’s Content
Moderation API as an additional security measure).
If you’re
looking for a full-fledged antivirus product to plug into your
infrastructure rather than a standalone API service, you can
implement one of these API-powered products and take advantage of all
the same deployment options. It’s pretty unique that they offer
both options.
Performance & Accuracy
API response
times are fast in day-to-day use. Customers can expect well under a
second for small files, even when using the Advanced mode. Throughput
scales horizontally across multiple nodes, and multi-gigabyte files
are supported depending on plan limits.
The detection
engine itself combines traditional signature-based scanning
(signatures continuously updated from a combination of private and
public malware signature databases each day) with heuristic pattern
recognition and structural file analysis. Cloudmersive cites a
detection rate of about 95% from third-party studies, and while that
figure isn’t independently verified here, empirical testing
suggests strong performance on both known-malware sets and
mixed-document archives.
Zero Day Detection Rate (ZDDR)
Cloudmersive has
also carried out an internal test of their Advanced Virus Scan API
using a metric called Zero Day Detection Rate (ZDDR). In short, this
test studied the efficiency of the Advanced Virus Scan API in
detecting malware from datasets that it had not been trained to
recognize (in this case, Cloudmersive used the Malware Bazaar
dataset).
From the copy of
this report I received, ZDDR hovered around 96% over 5 days of
testing. That’s a very impressive number. I haven’t
reproduced this test yet, but all the information required to
reproduce this test is disclosed in their report. It’s clear
Cloudmersive is confident in these results, and I’ll give them
the benefit of the doubt. Here’s a snapshot of results from
this test (taken from Cloudmersive’s ZDDR Whitepaper):
| Malware Bazaar Date | Files Scanned | CleanResult: False (num) | CleanResult: False (%) | CleanResult: True (num) | CleanResult: True (%) | Clean File Extension Histogram |
| --- | --- | --- | --- | --- | --- | --- |
| 10/2/2025 | 332 | 311 | 93.67% | 21 | 6.33% | .unknown(8), .js(5), .hta(1), .pdf(1), .zip(4), .svg(1), .bat(1) |
| 10/3/2025 | 306 | 302 | 98.69% | 4 | 1.31% | .js(2), .hta(1), .elf(1) |
| 10/6/2025 | 477 | 461 | 96.65% | 16 | 3.35% | .js(2), .xlsx(1), .sh(3), .ps1(1), .bat(1), .elf(1), .vbe(1), .rar(2), .unknown(2), .xls(1) |
| 10/7/2025 | 412 | 398 | 96.60% | 14 | 3.40% | .unknown(3), .sh(2), .js(2), .elf(2), .ps1(1), .rar(1), .msi(1), .py(1), .chm(1) |
| 10/8/2025 | 403 | 390 | 96.77% | 13 | 3.23% | .rar(3), .hta(2), .sh(5), .bat(2), .vbs(1) |
The real-world
takeaway: the API is fast enough for inline scanning and reliable
enough for enterprise workflows. The metrics I have available say it
definitely works.
Management & Configuration
We’ve
alluded to Cloudmersive’s Management Center Portal (MCP)
already in this review. This portal doubles as the control hub for
API users. From the MCP, admins can generate and rotate API keys,
view usage analytics for all their Cloudmersive products (including
any of the non-file scanning APIs we mentioned earlier on), configure
region settings, monitor call volumes, and much more.
Logging and
reporting in the MCP are straightforward; it’s not fancy, but
it’s practical. The interface leans functional over flashy,
and I’d say that works in its favor. If you’re someone
who likes elegant form with their function, you might have a few
notes to leave in the suggestion box.
The Advanced
Virus Scan API also exposes toggles for security sensitivity. For
example, it gives customers simple dropdown menu options for
determining whether to allow or disallow potentially unsafe macros or
executable content within certain file types. These granular controls
let teams fine-tune scanning based on their own risk tolerance, which
is often missing in other “black-box” scanning APIs.
Global Data Residency
Cloudmersive
provides regional endpoints around the globe, including North
America, the EU, the U.K., and Asia-Pacific (including Singapore,
India, and Australia). For compliance-driven organizations (e.g.,
those under GDPR, HIPAA, or local data-sovereignty laws), being able
to choose a region is critical. While the current list covers major
jurisdictions, enterprises with stricter residency demands might
still find the options somewhat limited.
Here’s a
full breakdown of Cloudmersive’s global server regions:
| Global Region | Specific Server Location |
| --- | --- |
| North America | Hillsboro, Oregon, USA; Vint Hill, Virginia, USA; Beauharnois, Quebec, Canada |
| European Union | Frankfurt, Hesse, Germany; Warsaw, Masovia, Poland; Gravelines, Hauts-de-France, France |
| United Kingdom | London, England, United Kingdom |
| Asia Pacific | Sydney, New South Wales, Australia; Singapore, Singapore; Mumbai, India |
Pricing & Plans
Cloudmersive’s
pricing plans follow the typical API SaaS model. They allow free
developer tiers with usage caps, then metered paid plans scaling up
to enterprise agreements. The enterprise tier unlocks dedicated
regions, larger file size limits (which are notably small for the
free tier), and formal SLAs. Pricing transparency is decent enough,
though serious adopters will likely want to discuss volume-based or
managed-instance pricing directly with a Cloudmersive representative.
All in all, the
trade-off is predictable. You get flexibility and ease of use on the
low end, and compliance & control on the high end.
Real-World Usability
Once integrated,
the API is effectively invisible to end users. The API receives a
file, hands back a JSON response, and developers decide what to do
next (block, quarantine, accept, etc.). Logs can be piped into SIEM
tools for centralized threat monitoring. There’s no
perceptible slowdown in typical web workflows, and error handling is
clean through Cloudmersive’s custom API exception library.
Like most SaaS/PaaS companies, the appeal is outsourced complexity
with retained control.
Limitations
The API’s
simplicity also serves as its primary constraint. While it offers
strong file scanning, it’s not a full content-disarm or
sandboxing solution. There’s no live behavioral analysis; it
focuses entirely on static inspection. Additionally, integration
requires developers to manage the decision logic (what happens if a
scan fails? What happens when a request times out? etc.), which isn’t
what everyone considers to be “plug-and-play”.
These aren’t
major drawbacks, though. They’re just the expected trade-offs
of using any API-based service instead of a full appliance or proxy
layer.
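The decision logic this section says developers must own, applied to the JSON response described under "Advanced Virus Scan API Requests", as an added example that is not code from Cloudmersive or from the original review. It assumes the response carries `FoundViruses` and `ContainsMacros` alongside the `CleanResult` field named in the ZDDR table; the sample responses are constructed, and holding flagged-but-unnamed files for review is a policy choice made here.

```python
import json

ACCEPT, QUARANTINE, BLOCK = "accept", "quarantine", "block"

def decide(raw_body, error=None):
    """Turn one scan attempt into an action. Only a well-formed, explicit
    clean verdict releases the file; every other outcome fails closed."""
    if error is not None:
        # Timeout, connection reset, HTTP 5xx: there is no verdict at all.
        return QUARANTINE, f"no verdict ({error}); hold and retry"
    try:
        result = json.loads(raw_body)
    except (TypeError, ValueError):
        return QUARANTINE, "unparseable response; hold and retry"
    # Require a real JSON boolean: the string "true" must not pass as clean.
    if not isinstance(result, dict) or not isinstance(result.get("CleanResult"), bool):
        return QUARANTINE, "response lacks a boolean CleanResult"
    if result["CleanResult"]:
        return ACCEPT, "clean"
    # Assumed field: a list of {"FileName", "VirusName"} for named detections.
    found = result.get("FoundViruses")
    if not isinstance(found, list):
        found = []
    names = sorted({v.get("VirusName", "unnamed") for v in found if isinstance(v, dict)})
    if names:
        return BLOCK, "detections: " + ", ".join(names)
    # Not clean but no named detection (e.g. a content rule such as macros):
    # the policy chosen in this example is to hold the file for human review.
    return QUARANTINE, "flagged without a named detection; review"

# Constructed sample responses (not captured from the real service).
SAMPLES = {
    "clean": '{"CleanResult": true}',
    "infected": '{"CleanResult": false, "FoundViruses": '
                '[{"FileName": "cv.docx", "VirusName": "Example.Test.Signature"}]}',
    "macro": '{"CleanResult": false, "ContainsMacros": true, "FoundViruses": null}',
    "stringly": '{"CleanResult": "true"}',
    "truncated": '{"CleanResult": tr',
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, decide(body))
    print("timeout", decide(None, error="timed out after 30s"))
```
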
Conclusion
Overall,
Cloudmersive’s Advanced Virus Scan API is a well-executed
implementation of a simple idea: make serious, enterprise-grade file
scanning accessible through an API call. It’s reliable, fast,
and developer friendly, and it doesn’t attempt to be a “silver
bullet” for every threat scenario (that’s part of its
strength).
For teams looking
to embed malware detection flexibly into different workflows, this is
one of the stronger options available. Like the rest of
Cloudmersive’s ecosystem, pragmatism takes a front seat to
flashiness, and the result is an unglamorous workhorse that does
exactly what it claims to do.