A method including configuring, by an infrastructure device, a user device to receive harmful patterns indicating characteristics of harmful traits included in affected data known to include malicious content and clean patterns indicating characteristics of clean traits included in clean data known to be free of the malicious content; configuring the user device to receive a first portion of given data; configuring the user device to determine a pattern associated with traits included in the first portion of the given data; configuring the user device to determine whether the first portion of the given data includes the malicious content based on comparing the determined pattern with the harmful patterns and the clean patterns; and configuring the user device to selectively receive a second portion of the given data based determining whether the first portion of the given data includes the malicious content is disclosed. Various other aspects are contemplated.