Malware in JSON documents
Jan 20, 2024
When developers decide to use the JSON format to transfer files, standard anti-virus scanning of the full JSON document may not detect embedded malicious content.
I put EICAR into a field of a JSON document and scanned the file using VirusTotal. I was surprised that this use case is hardly covered by Anti-Viruses.
This might be a challenge for securing end-to-end flows where an API gateway with anti-malware scanning doesn't use deep inspection.
Below is an example of an ICAP service developed with the Kong API gateway and standard JSON REST API use cases in mind. The JSON document is analyzed step by step; binary payloads are extracted and scanned separately.
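A minimal sketch of the per-field inspection described above, added here as an illustration and not the ICAP service's own code. It assumes embedded files arrive as base64 strings (optionally as `data:` URIs); `scan_bytes` is a stand-in for a real scanning engine that only matches the EICAR marker substring, and all function names and the sample document are constructed.

```python
import base64
import binascii
import json

# Stand-in for a real AV engine (assumption): flags the EICAR marker substring.
SIGNATURE = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"

def scan_bytes(data: bytes) -> bool:
    return SIGNATURE in data

def iter_strings(node, path="$"):
    """Yield (json_path, string) for every string value in a parsed document."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from iter_strings(value, f"{path}[{i}]")

def decode_candidates(text: str):
    """Return the field's text bytes plus its base64 decoding, if it is valid base64."""
    candidates = [text.encode("utf-8")]
    # Accept data: URIs such as "data:application/octet-stream;base64,...."
    body = text.split("base64,", 1)[-1]
    try:
        candidates.append(base64.b64decode(body, validate=True))
    except (binascii.Error, ValueError):
        pass  # not base64: only the unescaped text is scanned
    return candidates

def scan_json(raw: bytes):
    """Return JSON paths of fields whose content (raw or decoded) is flagged."""
    doc = json.loads(raw)
    return [path for path, text in iter_strings(doc)
            if any(scan_bytes(c) for c in decode_candidates(text))]

# Constructed sample: the marker is base64-encoded inside a nested field.
SAMPLE = json.dumps({
    "fileName": "report.pdf",
    "attachments": [{"content": base64.b64encode(b"hdr " + SIGNATURE + b" end").decode()}],
}).encode()

if __name__ == "__main__":
    print("whole-document scan flagged:", scan_bytes(SAMPLE))
    print("per-field scan flagged:", scan_json(SAMPLE))
```

Scanning the serialized document misses the payload because the signature bytes never appear literally in it; parsing first also undoes JSON string escapes before each field is scanned.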