We are excited to announce that we have added an XXE threat detection feature to our Advanced Virus Scan API! XML External Entity (XXE) threats are targeted attacks that exploit vulnerabilities within Document Type Definitions (DTD) in XML parsers to replace entities and cause a denial of service; they can also utilize Server-Side Request Forgery (SSRF) to gain access to sensitive data. Since these threats fall outside the protection of your basic anti-virus software, the job of protecting a web application from these attacks will often fall to the developer – this is where our new capability steps in.

Advanced Virus Scanning API

Our Advanced Virus Scan API provides 360-degree content security with customizable parameters to meet your needs. The AllowXMLExternalEntities feature joins several other options such as AllowMacros, AllowExecutables, and AllowInvalidFiles to assist in fully protecting you and your customers.

How It Works

This capability is very easy to set up; simply set the parameter to false to block XML External Entities, other threats embedded in XML files, and other files that contain embedded content threats. If you wish to allow these file types, you can set the parameter to true, but the default setting is false (recommended).