diff --git a/db/migrate/20240527061406_add_malicious_file_score_type.rb b/db/migrate/20240527061406_add_malicious_file_score_type.rb
new file mode 100644
index 0000000..d16f021
--- /dev/null
+++ b/db/migrate/20240527061406_add_malicious_file_score_type.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+class AddMaliciousFileScoreType < ActiveRecord::Migration[7.0]
+  def change
+    result = DB.query <<~SQL
+      SELECT MAX(position) FROM flags
+    SQL
+
+    position = result.last&.max
+
+    result = DB.query <<~SQL
+      INSERT INTO flags(name, name_key, applies_to, score_type, position, created_at, updated_at)
+      VALUES ('Malicious File', 'malicious_file', '{}', true, #{position.to_i + 1}, NOW(), NOW())
+      RETURNING flags.id
+    SQL
+
+    new_score_id = result.last&.id
+
+    DB.exec <<~SQL
+      UPDATE reviewable_scores rs1
+      SET reviewable_score_type = #{new_score_id}
+      FROM reviewable_scores rs2
+      LEFT JOIN reviewables ON reviewables.id = rs2.reviewable_id
+      WHERE rs2.reason = 'malicious_file'
+      AND reviewables.type = 'ReviewableUpload'
+      AND rs1.id = rs2.id
+    SQL
+  end
+end
diff --git a/plugin.rb b/plugin.rb
index d759a6c..b1e5538 100644
--- a/plugin.rb
+++ b/plugin.rb
@@ -33,8 +33,6 @@
 
   register_reviewable_type ReviewableUpload
 
-  replace_flags(settings: PostActionType.flag_settings, score_type_names: %i[malicious_file])
-
   add_to_serializer(
     :site,
     :clamav_unreacheable,