diff --git a/seahub/settings.py b/seahub/settings.py
index cd6ad4e2fb..26d2020efa 100644
--- a/seahub/settings.py
+++ b/seahub/settings.py
@@ -262,6 +262,9 @@ SHARE_LINK_PASSWORD_MIN_LENGTH = 8
 # enable or disable share link audit
 ENABLE_SHARE_LINK_AUDIT = False
 
+# check virus for files uploaded form upload link
+ENABLE_UPLOAD_LINK_VIRUS_CHECK = False
+
 # mininum length for user's password
 USER_PASSWORD_MIN_LENGTH = 6
 
diff --git a/seahub/views/ajax.py b/seahub/views/ajax.py
index f3feb4ffee..c04576f285 100644
--- a/seahub/views/ajax.py
+++ b/seahub/views/ajax.py
@@ -17,6 +17,7 @@ from django.utils.http import urlquote
 from django.utils.html import escape
 from django.utils.translation import ugettext as _
 from django.contrib import messages
+from django.conf import settings as dj_settings
 from django.template.defaultfilters import filesizeformat
 
 import seaserv
@@ -1461,9 +1462,16 @@ def get_file_upload_url_ul(request, token):
                             status=403, content_type=content_type)
 
     username = request.user.username or request.session.get('anonymous_email') or ''
+
+    args = [repo_id, json.dumps({'anonymous_user': username}), 'upload', '']
+    kwargs = {
+        'use_onetime': False,
+    }
+    if (is_pro_version() and dj_settings.ENABLE_UPLOAD_LINK_VIRUS_CHECK):
+        kwargs.update({'check_virus': True})
+
     try:
-        acc_token = seafile_api.get_fileserver_access_token(repo_id,
-                json.dumps({'anonymous_user': username}), 'upload', '', use_onetime=False)
+        acc_token = seafile_api.get_fileserver_access_token(*args, **kwargs)
     except SearpcError as e:
         logger.error(e)
         return HttpResponse(json.dumps({"error": _("Internal Server Error")}),
diff --git a/tests/seahub/views/ajax/test_get_file_upload_url_ul.py b/tests/seahub/views/ajax/test_get_file_upload_url_ul.py
index 1945441352..5f81777cec 100644
--- a/tests/seahub/views/ajax/test_get_file_upload_url_ul.py
+++ b/tests/seahub/views/ajax/test_get_file_upload_url_ul.py
@@ -1,6 +1,7 @@
 import json
 from mock import patch
 from django.core.urlresolvers import reverse
+from django.test import override_settings
 
 from seahub.share.models import UploadLinkShare
 from seahub.test_utils import BaseTestCase
@@ -15,7 +16,7 @@ class GetFileUploadUrlULTest(BaseTestCase):
             upload_link.token]) + '?r=' + self.repo.id
 
     def _get_fileserver_access_token(self, repo_id, obj_id, op, username,
-                                     use_onetime=True):
+                                     use_onetime=True, *args, **kwargs):
         return 'test_token'
 
     @patch('seahub.views.ajax.seafile_api.get_fileserver_access_token')
@@ -57,3 +58,18 @@ class GetFileUploadUrlULTest(BaseTestCase):
             'upload', '', use_onetime=False)
         json_resp = json.loads(resp.content)
         assert 'test_token' in json_resp['url']
+
+    @override_settings(ENABLE_UPLOAD_LINK_VIRUS_CHECK=True)
+    @patch('seahub.views.ajax.seafile_api.get_fileserver_access_token')
+    @patch('seahub.views.ajax.is_pro_version')
+    def test_can_get_when_virus_check_enabled(self, mock_is_pro_version, mock_get_fileserver_access_token):
+        mock_is_pro_version.return_value = True
+        mock_get_fileserver_access_token.return_value = True
+        mock_get_fileserver_access_token.side_effect = self._get_fileserver_access_token
+
+        resp = self.client.get(self.url, HTTP_X_REQUESTED_WITH='XMLHttpRequest')
+        mock_get_fileserver_access_token.assert_called_with(
+            self.repo.id, '{"anonymous_user": ""}',
+            'upload', '', use_onetime=False, check_virus=True)
+        json_resp = json.loads(resp.content)
+        assert 'test_token' in json_resp['url']