I have a website that is accepting what (appears to be) CSV files, reading the headers locally in a browser (using HTML5), and then uploading the file to a server. If the headers are not found, it won't upload. This will be exposed to the public at some point.
It will never get executed, only read via the System.IO libraries to extract the data rows. If it can't parse through the CSV, it cancels out. I can't think of how a virus would ever execute in this scenario. Am I wrong? Do I need to run a virus scan?