Enterprise level applications with the option to be able to upload binaries require anti-malware protection. Also, most enterprise policies require "Anti-malware" to be implemented to be compliant.
AEM does not provide any means of Anti-Virus OOTB, but there are solutions which can be used in "on-premise" and AMS (managed Service) scenarios.
However, in AEMaaCS (Cloud Service) there is no option, and no way to create a "customization" to be able to implement anti-virus/malware-protection.
In the AdaptTo()-2020 several ways to implement "Anti-Malware in AEM" were proposed .
The solution by Oliver Lietz (Sling Contributor) has the charm, that the malware scanning would be implemented on SLING level using SlingJobs (which would work across the Author Cluster in AEMaaCS), with a "CloudService" which is used to scan the binaries outside of the AEM instances - which seems to be compatible with AEMaaCS and it's Cloud-Services (Cloud-Blob-Store, Asset Microservices etc, ... ) .
This solution, if implemented, could likely use a very scaleable "Anti-Malware scanning Backend" within "Containerization", which would be massively scalable, and though HTTP-requests very loosely oupled to AEM.
Cloud-based "OOTB Anti-Maleware Scanning as a Service" in AEM Cloud Service (similar to "Asset Microservice"). Each larger customer is required to have "Anti-Malware-protection/scanning" for compliance as well as to be save to deliver "assets" to customers and users.
NO solution to scan for Malware is available on AEM Cloud Service (AEMaaCS) - neither OOTB nor custom!
AEM Cloud Service should can each binary (and possibly strings) for malware - best as "Service within AEM Cloud Service".
Environment Details (AEM version/service pack, any other specifics if applicable):