Skip to main content

Malware Scanning

Overview​

Torvus automatically scans all uploaded files for malware using industry-standard ClamAV antivirus software. This protection layer ensures that your digital vault remains secure and that malicious files are detected and blocked before they can cause harm.

What Happens to My Files?​

Upload Process​

When you upload a file to your vault, Torvus follows this security workflow:

  1. You select a file to upload - Choose any supported file type from your device
  2. Automatic malware scan - The file is scanned by ClamAV (takes 200-500ms on average)
  3. Results processed:
    • If clean: File is encrypted with AES-256 encryption and safely stored in your vault
    • If infected: Upload is immediately rejected and you receive an error message

All scans happen automatically in the background. You don't need to do anything special - just upload your files normally and Torvus handles the security checks.

Quarantine Process​

If a file is flagged as containing malware:

Immediate Actions:

  • Upload is rejected with an error message
  • File is NOT stored in your vault
  • You receive a notification explaining the detection

Your Next Steps:

  1. Scan your device - Run a full antivirus scan on your computer to check for infections
  2. Identify the source - Determine where the file came from
  3. Delete if malicious - Remove the file from your device if confirmed as malware
  4. Contact support if needed - If you believe this is a false positive, contact our security team at security@torvussecurity.com

Privacy Protection:

  • Only the file name, hash, and threat signatures are logged
  • No file contents are ever stored or logged
  • All detections are audit logged for security compliance

What File Types Are Scanned?​

All file types are scanned, including:

  • Documents: PDF, Word (.doc, .docx), Excel (.xls, .xlsx), PowerPoint (.ppt, .pptx)
  • Images: JPEG, PNG, GIF, BMP, TIFF
  • Archives: ZIP, RAR, 7Z, TAR, GZ
  • Executables: EXE, DLL, MSI, DMG, APP
  • Scripts: JS, VBS, BAT, SH, PY
  • And more - All uploaded files are scanned regardless of extension

False Positives​

While rare, legitimate files can sometimes be flagged as malware. This is known as a "false positive."

Common Causes of False Positives:​

  • Developer tools - Compilers, debuggers, and development utilities
  • Security software - Penetration testing tools and security utilities
  • Generic heuristics - Files with suspicious patterns that aren't actually malicious
  • Packed executables - Compressed or obfuscated legitimate software
  • Custom software - Unsigned or lesser-known applications

If You Encounter a False Positive:​

  1. Verify the file is legitimate - Ensure it's from a trusted source
  2. Scan with another tool - Use VirusTotal or your local antivirus for a second opinion
  3. Contact our security team:
    • Email: security@torvussecurity.com
    • Subject: "False Positive Report - Malware Scan"
    • Include:
      • File name and type
      • Threat name reported by Torvus
      • Why you believe it's a false positive
      • Source of the file (official website, etc.)

Our security team will review the detection within 24-48 hours and can manually approve the file if confirmed safe.

Privacy & Security​

Data Protection​

  • Files are scanned before encryption - Scanning happens on unencrypted files for accuracy
  • No content logging - Only metadata (file hash, threat names) is stored
  • Encrypted storage - After passing scan, files are immediately encrypted with AES-256
  • Isolated quarantine - If a file is quarantined, it's completely isolated and inaccessible

Audit Trail​

All malware scans are logged for security and compliance purposes:

  • What is logged:

    • Scan timestamp
    • File hash (SHA-256)
    • Scan result (clean/infected)
    • Threat signatures (if infected)
    • Vault ID (not file contents)

  • What is NOT logged:

    • File contents
    • File preview or thumbnails
    • Personal information from file metadata

Compliance​

Our malware scanning system supports compliance with:

  • GDPR - Privacy-by-design with minimal data logging
  • ISO 27001 - Security controls for malware prevention
  • SOC 2 - Audit logging and incident response procedures
  • HIPAA - Protected health information security requirements

Technical Details​

Scanning Engine​

  • Technology: ClamAV open-source antivirus
  • Signature Database: Updated daily from ClamAV official feeds
  • Detection Coverage: >99% of known malware threats
  • Scan Performance:
    • Average scan time: 200-500ms
    • Small files (<1MB): 50-100ms
    • Large files (>50MB): 1-3 seconds

Virus Definition Updates​

  • Frequency: Hourly checks for new virus definitions
  • Automatic updates: No user action required
  • Coverage: Includes signatures for:
    • Viruses and worms
    • Trojans and backdoors
    • Ransomware
    • Spyware and adware
    • Exploit kits
    • Potentially unwanted programs (PUPs)

Zero-Day Protection​

While signature-based scanning is highly effective, it cannot detect brand-new ("zero-day") threats that don't yet have signatures. For additional protection:

  1. Keep your device protected - Use updated antivirus software on your computer
  2. Download from trusted sources - Only upload files from reputable sources
  3. Stay informed - We'll notify users if we detect new threat patterns
  4. Behavioral analysis - ClamAV includes heuristic detection for suspicious patterns

Frequently Asked Questions​

Q: Will scanning slow down my uploads?​

A: Scanning adds 200-500ms on average to upload time - most users won't notice the delay.

Q: What happens if the scanner is unavailable?​

A: To maintain availability, uploads proceed with a warning if scanning infrastructure is temporarily down. We log all upload activity and can scan files retroactively if needed.

Q: Can I disable scanning for my vault?​

A: No. Malware scanning is a mandatory security control for all users to protect the platform and other users. It cannot be disabled.

Q: How do I know a file was scanned?​

A: All files are automatically scanned. If a file uploads successfully, it passed the scan. Infected files are rejected immediately.

Q: What if I upload a password-protected archive?​

A: Password-protected archives (ZIP, RAR, etc.) can be scanned for malware within archive headers, but the encrypted contents cannot be scanned. For best security:

  • Upload individual files rather than protected archives when possible
  • Only use password-protected archives from highly trusted sources

Q: Are encrypted files scanned?​

A: Files are scanned BEFORE encryption. When you upload a file:

  1. File is received by Torvus servers
  2. ClamAV scans the file (unencrypted)
  3. If clean, file is encrypted and stored
  4. If infected, upload is rejected

Q: Can malware be detected in documents?​

A: Yes! Malware can be embedded in PDF, Word, Excel, and other document formats through:

  • Macro viruses (Office documents)
  • PDF exploits
  • Embedded JavaScript
  • Malicious links and payloads

All document types are scanned for these threats.

Q: What types of threats are detected?​

A: Our scanning detects:

  • Viruses - Self-replicating malicious code
  • Trojans - Malware disguised as legitimate software
  • Ransomware - Encryption-based extortion malware
  • Worms - Network-spreading malware
  • Spyware - Information-stealing software
  • Backdoors - Remote access tools
  • Rootkits - System-level malware
  • Exploit Kits - Vulnerability exploitation tools

Support​

If you have questions about malware scanning or encounter issues:

  • Email: security@torvussecurity.com
  • Subject: Include "Malware Scanning" in subject line
  • Response Time: Security team responds within 24 hours

For urgent security concerns (confirmed malware infection or suspicious activity):

Last Updated: October 2025 Version: 1.0