I would like to be be able to invoke a virus check as the final stage of the build process (please don't question why a dev machine would get a virus, it's just a belt-and-braces approach to avoid the risk of getting sued by customers...). Also I'd like the option of having AV on a machine but switching the auto file system protection off (at least for the build directories).

What I would like is a generic way of scanning a file using whatever AV system is in place. I'm assuming that there's an Windows API to do this, given that Windows detects the presence of an AV system, and browsers such as Firefox invoke a virus scan whenever a file is downloaded. So what's the API that they're using? There's the Microsoft AntiVirus API but that seems to be specific to Office documents. Does the approach involve using WMI? (and if you can detect the AV provider from there, how do you then invoke it to scan a file?)

I know that I could write the script to manually call the AV scanner that I know to be installed, but as an intellectual exercise I'm more interested to know how apps like Firefox are doing this.