we are using minio as file storage and I would like to ask if Minio is save with infected files.
Are other files safe when we upload any infected file? Or we need upload only scanned files? Thank you.
This is really up to you - MinIO is non-opinionated on the state of any uploaded object.
As far as pure security, MinIO shards objects and distributes them across nodes and disks - so afaik there's no way to 'execute' a malicious binary or executable on any given node, since it's in pieces. You'd have to explicitly GET that binary and then execute it yourself.
As far as whether to or not to scan, this is up to you. There are a number of patterns for this, such as:
Upload to a specific prefix first (e.g. "data/unscanned") and set a metadata header like x-virusscan:false. Set up bucket notification events and have some sort of hook to GET, scan, and then move that object to a normal prefix after quarantining
Implement client-side scanning prior to upload
Implement client-side scanning prior to completing download.
All of these aren't specific or dependent on MinIO. You can use the available APIs to make this happen in whatever way works for your organizations security standards.