Customer uploading documents to cloud service, who is responsible for malware scanning?

I’m looking at developing a piece of software that allows a customer to upload a custom document to a cloud based external service.

The service has told me that they don’t perform any malware scanning, which exposes problems if a customer inadvertently uploads a document that contains malware.

Because I wrote this software that allows this functionality, is it my responsibility to scan this software before uploading it, or is the customer responsible for scanning beforehand?

This software isn’t live …

cloud cloud service customer cybersecurity documents malware malware scanning responsible scanning service