checking virus uploads with PHP
ClamAV is a free anti virus commonly used on server applications.
I've found a tutorial on how to use clamav as a Zend Framework Validator which already includes instructions on how to verify upload files. The tutorial should also help you on using it on another frameworks or architectures.
You can also call clamav by its command line interface with clamscan. This requires clamav to be installed but not the PHP extension. In the PHP side, you can shell_exec('clamscan myuploadedfile.zip'); then parse the output. Lines ending with OK are safe files, lines ending with FOUND are malicious filesref: https://stackoverflow.com/questions/10660260/what-are-my-options-to-check-for-viruses-on-a-php-upload