diff --git a/src/content/supply-chain-security/malware-scanning b/src/content/supply-chain-security/malware-scanning new file mode 100644 index 00000000..98344ed6 --- /dev/null +++ b/src/content/supply-chain-security/malware-scanning @@ -0,0 +1,17 @@ +--- +title: Malware Scanning +--- + +# Malware Scanning + +Malware Scanning automatically checks packages for known malicious content — such as trojans, viruses, and other malware — as they are uploaded to your Cloudsmith repository. It is powered by [ClamAV](https://github.com/Cisco-Talos/clamav) and runs on every uploaded package before it becomes available for download. + +If a threat is detected, the package upload fails at sync with a reason of "malware detected" and the package is not made available in the repository. + +If you feel a package has been incorrectly identified as containing malware, please [contact us](https://cloudsmith.com/company/contact-us). + +## Malware Scanning vs. Enterprise Policy Management + +Enterprise Policy Management and the detection of malicious and vulnerable packages are based on security feeds and match to packages pulled from Upstream sources; like, NPMJS, Maven Central, etc. + +EPM is available to customers with our Advanced Securit add-on.
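Review bot: The "Malware Scanning vs. Enterprise Policy Management" section never states the comparison its heading promises. It describes only EPM, so a reader cannot tell from it which control covers which packages. Suggest opening the section with a sentence that Malware Scanning runs on packages as they are uploaded to the repository (as the first paragraph says), and then contrasting that with EPM matching security feeds against packages pulled from upstream sources. In the same paragraph, "Upstream sources; like, NPMJS, Maven Central, etc." reads better as "upstream sources such as NPMJS and Maven Central", and "EPM" should be introduced in parentheses after the first use of "Enterprise Policy Management". The last added line has a typo: "Advanced Securit add-on" should be "Advanced Security add-on". Since the first paragraph limits detection to "known malicious content", it may also be worth saying explicitly that a package passing the scan is not thereby shown to be safe. Finally, the new file path `src/content/supply-chain-security/malware-scanning` has no extension; please confirm that is intended and that the content loader picks it up.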