Malware scan
The malware scan checks the submitted listing for critical security vulnerabilities and all media files and documents to verify that they do not contain any malicious code or links.
What testing is for
Security is one of the top concerns for Adobe Commerce. The malware scan ensures that listings submitted to Commerce Marketplace and any associated content do not contain malicious code or viruses.
When testing is done
When you upload a listing and associated files, all code, media files, and documents are scanned before all other checks.
If the submission fails the malware scan, it is rejected without any further verification or validation.
What is being checked
The malware scan checks all files for the following issues:
- Signatures of known viruses and malware software
- Links to sites known to contain malware or other malicious content
Tools and environments used
The malware scan uses the following tools to check the submission:
- General purpose antivirus with automatically updated virus database.
- Yara with a set of Commerce specific rules.
Reading the error report
The Developer portal notifies the user if any malware or malicious links are detected during the file upload process.
If the malware scan fails, check the integrity of the files you uploaded by using an antivirus application to scan an environment where the package was generated.
Troubleshooting
If the malware scan fails on a valid listing, create a Support ticket and describe the use case.
If you find any code on the Commerce Marketplace that looks suspicious, contact Magento immediately through the Marketplace Support Portal.
We always welcome feedback and discussion on the Magento Community Engineering Slack #marketplace channel.
