Virus and Malware Scanner

Learn how to scan user uploaded files for viruses, malware, phishing, spam and other malicious content

The Virus & Malware Scanner Extension allows the developer to scan files uploaded by users so that a warning can be added for malicious content.

Before you begin

This Extension uses a third-party API service - scanii - to scan media messages.
Create an account with Scanii API Service and get your pair of API Key and Secret.


  1. Login to the CometChat Dashboard and select your app.
  2. On the Extensions page add the Virus and Malware Scanner extension.
  3. Go to the Installed tab and open the Settings for this extension.
  4. Enter Scanii API Key and Scanii Secret and click on save.

How does it work?

Once the Extension is enabled for your App and the Extension Settings are done, the recipients will receive metadata with an array of results.

The Virus Scan results will be updated later for the message and hence you need to implement the onMessageEdited listener. Please check the Edit a Message page under the Messaging section of each SDK for more details.

This can be used to show warning messages:

"@injected": {
  "extensions": {
    "virus-malware-scanner": {
      "scan_results": [ "av.crdf.malware-generic.2462546599.unofficial", "content.en.language.nsfw.49", "content.image.nsfw.illustrated-nudity-or-sexual-activity" ]

If the data is missing, it means that the extension has timed out.


At the recipients' end, from the message object, you can fetch the metadata by calling the getMetadata() method. Using this metadata, you can fetch the Rich Media Embed.

var metadata = message.getMetadata();
if (metadata != null) {
  var injectedObject = metadata["@injected"];
  if (injectedObject != null && injectedObject.hasOwnProperty("extensions")) {
    var extensionsObject = injectedObject["extensions"];
    if (
      extensionsObject != null &&
    ) {
      var scannerObject = extensionsObject["virus-malware-scanner"];
      var scan_results = scannerObject["scan_results"];
JSONObject metadata = message.getMetadata();
if (metadata != null) {
  JSONObject injectedObject = metadata.getJSONObject("@injected");
  if (injectedObject != null && injectedObject.has("extensions")) {
    JSONObject extensionsObject = injectedObject.getJSONObject("extensions");
    if (extensionsObject != null && extensionsObject.has("virus-malware-scanner")) {
          JSONObject scannerObject = extensionsObject.getJSONObject("virus-malware-scanner");
if (metadata != null) {
  if (metadata.has("@injected")) {
   val injectedJSONObject = metadata.getJSONObject("@injected")
   if (injectedJSONObject != null && injectedJSONObject.has("extensions")) {
   val extensionsObject = injectedJSONObject.getJSONObject("extensions")

   if (extensionsObject != null && extensionsObject.has("virus-malware-scanner")) {
     val scannerObject = extensionsObject.getJSONObject("virus-malware-scanner")
let textMessage = message as? TextMessage
var metadata : [String : Any]? = textMessage.metaData
if metadata != nil {

    var injectedObject : [String : Any]? = (metadata?["@injected"] as? [String : Any])!
    if injectedObject != nil && (injectedObject!["extensions"] != nil){

      var extensionsObject : [String : Any]? = injectedObject?["extensions"] as? [String : Any]

      if extensionsObject != nil && extensionsObject?["virus-malware-scanner"] != nil {
        var scannerObject = extensionsObject?["virus-malware-scanner"] as! [String :  Any]

Did this page help you?