Content scanning seems to be something that is usually done on a (reverse) proxy server operating in front of the actual application. In Mendix terms, functionality like this should in principle be invisible to the runtime, because it runs on the web server in front of it (or yet another server in front of that).
You might still have to think about how to deal with rejected uploads from Mendix, e.g. show a relevant error message when an uploaded file suddenly has no content. A more complicated approach could be to have some kind of integration between scanner and Mendix, so it can let you know when and why a file has been blocked.
If you require specific help with setting up such a system in your cloud environment I think it's best to contact either Mendix support or your partner manager for assistance.