A system, method and computer program product for anti-malware processing of data stream that includes a plurality of logical data streams formed from a primary data stream; and a plurality of stream buffers, each buffering data of a corresponding logical data stream. A plurality of processing handlers each associated with one of the data streams, where the handlers are processing the data of the logical data stream buffered by its stream buffer. Each processing handler is associated with a particular functionality and at least one processing handler scans its logical data stream for malware presence. Each stream buffer has a configurable buffering policy. At least one of the processing handlers decompresses the data into one or more secondary streams. At least one of the processing handlers parses its logical data stream, creating one or more instances of secondary data streams. The scanning can be based on a signature search. At least one of the processing handlers parses its logical data stream to identify headers, wherein new secondary data streams are instantiated based on regions of interest in a future stream data at positions identified by the headers. The set of conditions is stored e.g., in a table, a list, and/or a registry.