Is there any virus scanner installed on Azure App Service machines? When my web application is receiving a file, is it scanned on the wire? Or could I save it to disk, wait 2 seconds and if it disappears, assume that the machine's antivirus had removed it?
If this is not possible by default, would Microsoft Defender for Cloud enable this? It costs 15€/month/App Service so not bad if it contains virus scanning.
To long for a comment:
As far as I understand it, anti-malware is hardly ever enabled by default on cloud platforms and services and almost always something that needs to be enabled explicitly/via an add-on.
https://learn.microsoft.com/en-us/azure/security/fundamentals/antimalware seems to suggest that is also the case for Azure services in general.
(The possible issues with enabling anti-malware is that is adds a certain amount of overhead, there is always a risk of false positives and an organisation and their applications need to be aware and respond appropriately when malware gets detected. i.e. Are malware/viruses only to be reported, will the malware get quarantined, or will files get (silently) deleted? Is the sender to be notified, or only the receiver / receiving process? And how? etc. etc.)
When in doubt:
Upload a file and/or submit data that contains the EICAR test file.
