Where exactly virus scanning is happening when a file uploaded via rest API. Could you someone help on this?

Have you enabled the registry settings mentioned in the user guide under Antimalware support (on-premises only)?

Based on that guidance I also think that AMSI needs to be enabled ("you must use an anti-virus software that is compatible with Windows Antimalware Scan Interface (AMSI)"), although this is not an area I'm deeply familiar with. If you need to verify this I recommend contacting M-Files Support.

Yes, AMSI need to be enabled and its under investigation, currently its not.
Before that we are trying to find where the files are processing (App server directory or Proxy directory?) when a file uploaded via rest API. As we have Defender AV already exist in servers and Realtime scanning is enabled, there must be some OS level scanning happens before the file processing to Azure blob file data. Unfortunately we are unable to find the exact temp directory in server where M-Files temporary storing and processing.

Yes, AMSI need to be enabled and its under investigation, currently its not.
Before that we are trying to find where the files are processing (App server directory or Proxy directory?) when a file uploaded via rest API. As we have Defender AV already exist in servers and Realtime scanning is enabled, there must be some OS level scanning happens before the file processing to Azure blob file data. Unfortunately we are unable to find the exact temp directory in server where M-Files temporary storing and processing.