Uploaded files, even those of expected and permitted file types, should be scanned for malicious contents (e.g. malware, zip-bombs, exploits or scripts). These may either be malicious to the system itself or others that access these files (e.g. other users downloading infected documents).