Skip to content

Malware & Virus Scanner (MVS)

This page gives an overview of the Malware & Virus Scanner (MVS), describing its current status, where and how it's developed and deployed, and who is responsible for maintaining it.

Service Description

The service provides an API for uploading & scanning files to detect whether they are safe or malicious.

Once a file has been uploaded via the API, it is queued for scanning by the service.

A client application can then poll the API to await or retrieve the scan results.

A file is considered "malicious" if it may contain a virus or malware.

The service is integrated with API Gateway.

Service Status

The service is currently in early user testing, and not yet productionised.


Issues with the service functionality or new feature requests can be opened as a Gitlab Issue in the application project.

Issues discovered with the deployment process or GCP infrastructure can be opened as a Gitlab Issue in the deployment project.

Other technical queries and support requests can be directed to Jackson Team via either of:

NOTE: This latter process will change to a HEAT ticket in the near future (Jun/Jul 2024).


The service is currently deployed to the following environments, each with API Gateway integration:

Name URL Usage
Development Used only by the service developers.
Staging Used for testing new features and releases.
Production Live productionised service.

Source Code

The source code for this service consists of:

Repository Description
Application The application itself i.e. micro-services & API.
Infrastructure Terraform & CI configuration for deployment to GCP.

These repositories are configured in the GitLab Project Factory.

Technologies Used

Technology Used For
Python Programming language
Pydantic Data model definitions
SQLAlchemy Database models & toolkit
Alembic Database migration toolkit
Postgres Database implementation
Fast API REST API (compliant with OpenAPI v3)
Docker & Docker Compose Containerisation & Orchestration
Terraform + GCP Cloud Provisioning & Platform

Operational Documentation

The following gives an overview of how the service is deployed & maintained.

User Guide

All current documentation consists of:

To suggest improvements or request additions, please open an issue in the application project.

Access Control

Details on how to register a Client Application can be found in the application project under Using the API.


Deployment to the GCP environment is via our standard terraform deployment CI pipeline.


Monitoring is configured as per our standard Google Cloud Run application module.

Service Management

The Service Owner is TBA.

The Service Manager is TBA.

The Tech Lead is Mark Hill (in lieu of Dave Hart).

The following engineers have operational experience with the service, and are able to respond to support requests or incidents: