Antimalware feature on Web Apps (App Service)
Cloud Services and Virtual Machines have an antimalware feature to protect themselves from viruses.
However, Web Apps only protects their platform, and there is no customer-facing antimalware service now.
If we develop an application which receives files from anonymous users with an upload form, we can't detect and get rid of the viruses.
We strongly request the antimalware feature like that Cloud Services and Virtual Machines do.
There are no near term plans to provide this functionality. However we will keep it under review for periodic re-evaluation in the future.
Azure App Service Team
We have a standard requirement to scan all incoming files with some form of AV. Currently, we have create additional infrastructure outside our app service to send the file to AV, which increases our cost and compliance burden. Having an AV option integral to the app service will allow users in our situation to keep the bytes within the app service, reducing our footprint and complexity.
As mentioned below, we are using the AMSI Antimalware Services Interface to execute our AV scans.
Ian Chivers commented
Microsoft should consider opening up the AMSI AnitMalware Services Interface now that they've upgraded the App Service machines to Windows Server 2016
Richard B. commented
You may want to take a look at this github project for something which may assist for your scenario...
Hi, please confirm are you stating, Azure app service(web app) does not contain antimalware protection just like iaas VM's?