If it's ok to have the data already in AEM before you do the scan, adding a step in the asset update workflow should do the trick. You need to build the connector to the scanning engine yourself, AEM doesn't offer anything ootb.
If you cannot do that you need to intercept the data being uploaded, stream it through the scanning engine and the continue the upload. You could do that with a servlet filter, which streams to a local file, scan that file and the continue the upload.
But when you are at it, you might want to schedule a job to peridically scan all assets again, you might upload today some malware, which is not detected by today's signatures, but the signatures will be added in a week. And then you should be able to detect it and handle it appropriately.
I would start with a servlet filter, which consumes the request body, stores it into a file on disk, invokes the scan of it and then continues with the filter chain (probably wrapping the request and stream the "body" from the file).