From 896565980ec51da63aaa98f6297ae5ae9e67f55f Mon Sep 17 00:00:00 2001 From: Nick Peacock Date: Wed, 8 Apr 2026 14:33:30 +0100 Subject: [PATCH] Add documentation for Malware Scanning feature This document explains the functionality of Malware Scanning, which checks for malicious content in uploaded packages using ClamAV. --- .../supply-chain-security/malware-scanning | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 src/content/supply-chain-security/malware-scanning diff --git a/src/content/supply-chain-security/malware-scanning b/src/content/supply-chain-security/malware-scanning new file mode 100644 index 00000000..98344ed6 --- /dev/null +++ b/src/content/supply-chain-security/malware-scanning @@ -0,0 +1,17 @@ +--- +title: Malware Scanning +--- + +# Malware Scanning + +Malware Scanning automatically checks packages for known malicious content — such as trojans, viruses, and other malware — as they are uploaded to your Cloudsmith repository. It is powered by [ClamAV](https://github.com/Cisco-Talos/clamav) and runs on every uploaded package before it becomes available for download. + +If a threat is detected, the package upload fails at sync with a reason of "malware detected" and the package is not made available in the repository. + +If you feel a package has been incorrectly identified as containing malware, please [contact us](https://cloudsmith.com/company/contact-us). + +## Malware Scanning vs. Enterprise Policy Management + +Enterprise Policy Management and the detection of malicious and vulnerable packages are based on security feeds and match to packages pulled from Upstream sources; like, NPMJS, Maven Central, etc. + +EPM is available to customers with our Advanced Securit add-on.
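Review bot: the closing line of the new file has a typo, "Advanced Securit add-on" should read "Advanced Security add-on", and the EPM paragraph's punctuation ("Upstream sources; like, NPMJS, Maven Central, etc.") should be "upstream sources such as NPMJS, Maven Central, etc." Beyond wording, the "Malware Scanning vs. Enterprise Policy Management" section only describes EPM and never states the contrast the heading promises; one sentence saying that Malware Scanning is a ClamAV signature check run on the uploaded artifact itself, whereas EPM matches packages against security feeds, would make the distinction explicit. It would also help readers to document where the "malware detected" sync failure is surfaced (sync status, UI, API), whether packages fetched from upstream sources are scanned in the same way as direct uploads, and how the ClamAV signature database is kept current, since those are the first questions a user evaluating the feature will ask.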