Not as standard, no - there’s an extra monthly cost plus a price per GB scanned. I know some people have hooked up AV scanning to blob storage via the APIs but I don’t know details.
One approach I’ve used before is to spin off the whole upload responsibility into a microservice - a custom form field stores a GUID and some JS that handles posting the file to an endpoint (Azure function) that processed, validated and saved the file to blob storage. Those files never touched production infrastructure that matters.
Yes, exactly that. Users can treat form submissions just like any other random internet file they may come across - with suspicion. If files are attached to emails then they’ll likely get properly scanned so that’s a nice way to deal with it too.
All the registered IFileStreamSecurityAnalyzers are iterated by the IFileStreamSecurityValidator, which is a validation step for Umbraco Forms and is carried out alongside checking the file extension is valid. Just like any other validator (say regex or whatever) it will reject the form submission and do nothing further until validation is fixed.
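A sketch of one such analyzer, added here as an illustration and not taken from the thread or from Umbraco's own code: it rejects any upload whose content starts with the "MZ" header of a Windows executable, regardless of the file extension. The class names are hypothetical; the example assumes the `IFileStreamSecurityAnalyzer` interface from `Umbraco.Cms.Core.Security` with its `ShouldHandle` and `IsConsideredSafe` methods.

```csharp
using System;
using System.IO;
using Microsoft.Extensions.DependencyInjection;
using Umbraco.Cms.Core.Composing;
using Umbraco.Cms.Core.DependencyInjection;
using Umbraco.Cms.Core.Security;

// Hypothetical analyzer: flags uploads that begin with the "MZ" executable header.
public class ExecutableHeaderAnalyzer : IFileStreamSecurityAnalyzer
{
    private static readonly byte[] MzHeader = { 0x4D, 0x5A }; // "MZ"

    // Claim only the streams this analyzer has an opinion about.
    public bool ShouldHandle(Stream fileStream) => StartsWith(fileStream, MzHeader);

    // Anything claimed above is an executable, so it is never considered safe.
    public bool IsConsideredSafe(Stream fileStream) => false;

    private static bool StartsWith(Stream stream, byte[] signature)
    {
        // A non-seekable stream cannot be peeked without consuming the upload,
        // so this sketch leaves it to other analyzers.
        if (!stream.CanSeek) return false;

        long original = stream.Position;
        try
        {
            stream.Position = 0;
            var buffer = new byte[signature.Length];
            int read = 0;
            while (read < buffer.Length)
            {
                int n = stream.Read(buffer, read, buffer.Length - read);
                if (n == 0) return false; // file is shorter than the signature
                read += n;
            }
            return buffer.AsSpan().SequenceEqual(signature);
        }
        finally
        {
            stream.Position = original; // leave the stream as found for the next analyzer
        }
    }
}

// Registers the analyzer so the validation step can iterate it.
public class ExecutableHeaderAnalyzerComposer : IComposer
{
    public void Compose(IUmbracoBuilder builder) =>
        builder.Services.AddSingleton<IFileStreamSecurityAnalyzer, ExecutableHeaderAnalyzer>();
}
```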
ASP.NET Core stores all posted files over 64KB as a temp file locally, nothing will happen with these files after the request and they’ll get cleaned up in Azure when the machine changes/restarts etc.
If you want to blacklist then yes, you will need to override the behaviour of the FieldType. I think the easiest approach is to override the ValidateField(), and check for the presence of the ErrorMessageForFailedSecurityCheck in the base method, then do any custom logic there before returning the list of errors.