Attachment Scanning
PentestPad scans uploaded files for malware as they are added, so a malicious attachment never quietly lands in a project. This page explains what your team sees when scanning is enabled.
What gets scanned
Section titled “What gets scanned”Files are checked at upload time across the app: project attachments, finding and editor images, report template and PDF replacements, and whitelabel logos. Only a clean verdict is treated as safe — anything else is surfaced with a warning.
Scan badges
Section titled “Scan badges”Clean files show no badge at all. Anything that isn’t clean gets a small warning badge next to the file; hover it to see the detail.
| Badge | Meaning |
|---|---|
| (no badge) | The file was scanned and is clean. |
| Scanning… | A large file is still being scanned in the background. Re-check shortly. |
| Flagged: <threat> | Malware was detected. The threat name is shown in the tooltip. |
| Couldn’t scan | The file was too large to scan, or couldn’t be read — no verdict. |
| Scan error | The scanner couldn’t return a verdict for this file. |
| Known sample | A flagged file that an admin or manager deliberately kept (see below). Shown in a calmer, neutral style. |
Uploading a flagged file
Section titled “Uploading a flagged file”When you upload a file that the scanner flags as malware, it is rejected and not added to the project. A dialog appears listing the blocked file(s) and the detected threat, with the option to Discard them.
Large files (over 128 MB by default) are accepted immediately and finish scanning in the background — they briefly show a Scanning… badge until a verdict lands.
Keeping a flagged file (override)
Section titled “Keeping a flagged file (override)”Sometimes a flagged file is intentional — for example a malware sample collected as evidence during an engagement. Users with the Override malware block permission (scan-override) see an extra Upload anyway (known sample) option in the blocked-file dialog.
Choosing it keeps the file and records it as a reviewed known sample, which is who uploaded it and when. The file then shows the calmer “Known sample” badge instead of an alarming one.
Downloading flagged files
Section titled “Downloading flagged files”Because a non-clean file may be dangerous, downloading one is never a single click. A warning dialog appears first and you must confirm with Download anyway:
- Known malware — a strong warning. Opening it on your workstation can infect it; download it only into an isolated or analysis environment.
- Couldn’t be verified — a softer caution for files that returned no clean verdict. Scan the file yourself before opening it.