
Malware Scan


The Malware Scan checks the submitted extension and all media files and documents to verify that they do not contain any malicious code or links.

What testing is for

Security is one of the top concerns for Magento. The Malware Scan ensures that extensions submitted to Commerce Marketplace and any associated content do not contain malicious code or viruses.

When testing is done

When you upload an extension and associated files, all code, media files, and documents are scanned before all other checks.

If the extension submission fails the Malware Scan, it is rejected without any further verification or validation.

What is being checked

The Malware Scan checks all files for the following issues:

  • Signatures of known viruses and malware
  • Links to sites known to contain malware or other malicious content

Tools and environments used

The Malware Scan uses the following tools to check the extension submission:

  • A general-purpose antivirus with an automatically updated virus database.
  • YARA with a set of Magento-specific rules.

Reading the error report

The Magento Developer portal notifies the user if any malware or malicious links are detected during the file upload process.

If the Malware Scan fails, check the integrity of the files you uploaded by using an antivirus application to scan the environment where the package was generated.
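
A local pre-submission check modeled on the two issues listed under "What is being checked", run against every file in the package archive. This is an added example, not Magento's scanner or its rules: the blocklist, the signature, the function names and the sample package are all constructed placeholders, and it does not replace the antivirus scan described above.

```python
import io
import re
import zipfile
from urllib.parse import urlsplit

# Constructed placeholders: the Marketplace scanner's real data is not published on this page.
BLOCKED_HOSTS = {"malware.example", "bad-cdn.example"}
SIGNATURES = {"constructed-test-marker": b"MALWARE-TEST-MARKER-0001"}
URL_RE = re.compile(rb"https?://[^\s\"'<>)]+", re.IGNORECASE)

def host_is_blocked(host):
    """True if the host or any of its parent domains is on the blocklist."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKED_HOSTS for i in range(len(labels)))

def scan_package(zip_bytes):
    """Return sorted (member, kind, detail) findings for every file in the package."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as pkg:
        for info in pkg.infolist():
            if info.is_dir():
                continue
            data = pkg.read(info)  # code, media and documents are all read as raw bytes
            for name, sig in SIGNATURES.items():
                if sig in data:
                    findings.add((info.filename, "signature", name))
            for match in URL_RE.finditer(data):
                try:
                    host = urlsplit(match.group().decode("utf-8", "replace")).hostname or ""
                except ValueError:  # malformed URL, e.g. a broken IPv6 literal
                    continue
                if host_is_blocked(host):
                    findings.add((info.filename, "link", host))
    return sorted(findings)

def build_sample_package():
    """Constructed sample extension package, built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("registration.php", "<?php // clean file\n")
        z.writestr("view/frontend/templates/banner.phtml",
                   '<script src="https://static.bad-cdn.example/a.js"></script>')
        z.writestr("docs/guide.html", '<a href="https://docs.example.org/">docs</a>')
        z.writestr("media/logo.png", b"\x89PNG" + SIGNATURES["constructed-test-marker"])
    return buf.getvalue()

if __name__ == "__main__":
    for finding in scan_package(build_sample_package()):
        print(*finding, sep="\t")
```

The scan treats media and documentation files the same as code, because the Malware Scan covers all files in the submission, not only PHP sources.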


If the Malware Scan fails on a valid extension, create a Support ticket and describe the use case.

If you find any code on the Commerce Marketplace that looks suspicious, contact Magento immediately through the Marketplace Support Portal.

We always welcome feedback and discussion on the Magento Community Engineering Slack #marketplace channel.