The malware scan checks the submitted extension and all media files and documents to verify that they do not contain any malicious code or links.
What testing is for#
Security is one of the top concerns for Magento. The malware scan ensures that extensions submitted to Commerce Marketplace and any associated content do not contain malicious code or viruses.
When testing is done#
When you upload an extension and associated files, all code, media files, and documents are scanned before all other checks.
If the extension submission fails the malware scan, it is rejected without any further verification or validation.
What is being checked#
The malware scan checks all files for the following issues:
- Signatures of known viruses and malware software
- Links to sites known to contain malware or other malicious content
Tools and environments used#
The malware scan uses the following tools to check the extension submission:
- General purpose antivirus with automatically updated virus database.
- Yara with a set of Magento specific rules.
Reading the error report#
The Magento Developer portal notifies the user if any malware or malicious links are detected during the file upload process.
If the malware scan fails, check the integrity of the files you uploaded by using an antivirus application to scan an environment where the package was generated.
If the malware scan fails on a valid extension, create a Support ticket and describe the use case.
We always welcome feedback and discussion on the Magento Community Engineering Slack #marketplace channel.