Malware Scanning & Safety
The Universal Mod Distribution Engine
Multi-Layered Scan Process
Every file uploaded to ModNexus passes through a four-stage automated scan pipeline before it becomes visible to any user. No mod is published until it clears every checkpoint.
Stage 1 — Static Byte Analysis
ClamAV (v1.3.1) and Sophos Intercept X perform initial signature-based scanning against 90+ million known malware hashes. Files flagged here are quarantined immediately and never proceed further.
Stage 2 — Sandbox Execution
Executables, DLLs, and scripts are detonated in an isolated Sandboxie environment (v5.42.1) on a headless Windows 11 VM. We monitor for registry modifications, network callbacks to known C2 domains, and file system mutations over a 120-second observation window.
Stage 3 — Archive Deep Inspection
All ZIP, RAR, 7Z, and .mod bundles are recursively unpacked up to seven nesting levels. Each extracted file is re-scanned individually — preventing attackers from hiding payloads inside legitimate-looking archives with benign top-level contents.
Stage 4 — Heuristic & Reputation Check
VirusTotal API (multi-engine, 68 scanners) provides a consensus verdict. Any file with a detection rate above 1/68 is auto-rejected. The uploading account's reputation score — calculated from 14 months of behavioral data — is cross-referenced to catch newly registered abuse accounts.
In Q3 2024, this pipeline processed 1,847,293 uploads, blocked 4,112 malicious or suspicious files (0.22% rejection rate), and quarantined 89 files for manual review by our Threat Response team. Average scan time per upload: 6.4 seconds.
The "Verified Safe" Badge
A green "Verified Safe" badge on a mod page means that specific file version has passed all four scan stages with zero detections and has been online for at least 72 hours with no user-submitted abuse reports.
What Earns the Badge
Clean results across ClamAV, Sophos, Sandboxie behavioral analysis, archive deep inspection, and VirusTotal consensus (0/68 detections). The file must also remain stable — no hash changes, no re-uploads under a different name — for a full 72-hour cooldown period.
What Doesn't Qualify
Newly uploaded files (under 72 hours old), files with any single-engine detection on VirusTotal, mods containing unsigned native code, and files from accounts created within the last 30 days. These receive a yellow "Under Review" label until they meet all criteria.
Badge Revocation
If a previously verified mod is later found to contain malicious code — through re-scanning after a new threat signature is published or through user reports — the badge is removed instantly, the file is taken offline, and the author is notified. To date, 14 verified mods have been revoked since the program launched in January 2023.
Reporting & User Trust Tools
Our automated systems catch the vast majority of threats, but community vigilance is the final layer. ModNexus provides multiple channels for users to flag suspicious content, and every report triggers a structured review workflow.
Report a Mod
Every mod page includes a "Report Safety Issue" button that submits the file hash, your account ID, and a categorized reason (malware, scam, phishing, unwanted adware, or other) to our Threat Response inbox. Reports are prioritized by severity and triaged within 4 hours during business hours and 12 hours off-hours.
Author Transparency Scores
Each mod author has a public transparency profile showing: total mods published, average scan pass rate, number of user reports received, average response time to reported issues, and account age. Authors with a score below 70/100 have their uploads subjected to extended manual review before publication.
Community Watch List
Trusted community members — nominated by the ModNexus Trust & Safety team and vetted through a 90-day probationary period — can flag files for expedited re-scanning. As of October 2024, 214 Watch List members have collectively submitted 8,341 safety reviews, with a 94.6% accuracy rate confirmed by our Threat Response team.
If you believe a mod on ModNexus contains malware or deceptive content, use the report tool on the mod page or contact our security team directly at security@modnexus.dev. We never punish good-faith reports — false positives are reviewed silently and the reporter is never penalized.