Reputation: 785
We have a requirement to scan the files uploaded by the user, check whether they contain a virus, and then tag them as infected. I checked a few blogs and other Stack Overflow answers and got to know that we can use clamscan for this.
However, I'm confused about what the path for the virus scan should be in the clamscan config. Also, is there a tutorial that I can refer to? Our application backend is in Node.js.
I'm open to other libraries/services as well.
Upvotes: 1
Views: 7472
Reputation: 11
Since June 2024, AWS offers malware scanning for S3 objects through GuardDuty Malware Protection for S3. https://docs.aws.amazon.com/guardduty/latest/ug/gdu-malware-protection-s3.html
You can configure for example a Lambda function to delete infected objects through an EventBridge notification that is created each time an object is scanned by GuardDuty.
Upvotes: 1
Reputation: 2059
You can check this solution by AWS, it will give you an idea of a similar architecture: https://aws.amazon.com/blogs/developer/virus-scan-s3-buckets-with-a-serverless-clamav-based-cdk-construct/
Upvotes: 0
Reputation: 7215
Hard to say without further info (i.e. the architecture your code runs on, etc.).
I would say the easiest possible way to achieve what you want is to hook up a trigger on every PUT event on your S3 Bucket. I have never used any virus scan tool, but I believe that all of them run as a daemon within a server, so you could subscribe an SQS Queue to your S3 Bucket event and have a server (which could be an EC2 instance or an ECS task) with a virus scan tool installed poll the SQS queue for new messages.
Once the message is processed and a vulnerability is detected, you could simply invoke the putObjectTagging API on the malicious object.
Upvotes: 1
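The flow described in the answer above, as an added Node.js example that is not part of the original post: it turns an S3 event delivered to SQS into scan targets, maps the clamscan exit code to a verdict, and builds the PutObjectTagging input. The tag key `scan-status`, the function names and the sample message are assumptions made for illustration, and the notification is assumed to go from S3 straight to SQS.

```javascript
// Added example: TAG_KEY, the function names and SAMPLE_BODY are constructed.
const TAG_KEY = 'scan-status'; // assumed tag name, pick your own

// S3 event notifications URL-encode the object key and use '+' for spaces.
function decodeS3Key(rawKey) {
  return decodeURIComponent(rawKey.replace(/\+/g, ' '));
}

// Extract the objects to scan from one SQS message body (direct S3 -> SQS).
function objectsFromSqsBody(body) {
  const event = JSON.parse(body);
  // S3 sends an s3:TestEvent with no Records when the notification is set up.
  if (!Array.isArray(event.Records)) return [];
  return event.Records
    .filter((r) => r.eventSource === 'aws:s3' && r.eventName.startsWith('ObjectCreated:'))
    .map((r) => ({
      Bucket: r.s3.bucket.name,
      Key: decodeS3Key(r.s3.object.key),
      VersionId: r.s3.object.versionId, // undefined on unversioned buckets
    }));
}

// clamscan exit codes: 0 = no virus found, 1 = virus found, 2 = error.
// Anything other than 0 or 1 is reported as 'error', never as 'clean'.
function verdictFromExitCode(code) {
  if (code === 0) return 'clean';
  if (code === 1) return 'infected';
  return 'error';
}

// Build the input object for the S3 PutObjectTagging call.
function taggingInput(obj, verdict) {
  const input = {
    Bucket: obj.Bucket,
    Key: obj.Key,
    Tagging: { TagSet: [{ Key: TAG_KEY, Value: verdict }] },
  };
  if (obj.VersionId) input.VersionId = obj.VersionId;
  return input;
}

// Constructed sample message body, shaped like an S3 ObjectCreated event.
const SAMPLE_BODY = JSON.stringify({ Records: [{
  eventSource: 'aws:s3', eventName: 'ObjectCreated:Put',
  s3: { bucket: { name: 'example-uploads' },
        object: { key: 'incoming/my+report%281%29.pdf', size: 1024 } },
}] });

for (const obj of objectsFromSqsBody(SAMPLE_BODY)) {
  console.log(JSON.stringify(taggingInput(obj, verdictFromExitCode(1))));
}
```

PutObjectTagging replaces the object's whole tag set, so merge with any existing tags before sending if the bucket already uses them.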
Reputation: 5729
We have been doing something similar, but in our case it's before the file is stored in S3. Which is OK, I think; the solution would still work for you.
We have one EC2 instance where we have installed ClamAV. Then we wrote a web service that accepts a multipart file, takes that file's content and internally invokes the ClamAV command to scan that file. In response, that service returns whether the file is infected or not.
Your solution could be:
virus scan service).
virus scan service by passing the content.
Virus Scan service response, tag your S3 file appropriately.
If you're open to a paid service too, then in the above steps #1 won't be applicable; just replace the call with the Virus-Scan service of Symantec or other such providers, etc.
I hope it helps.
Upvotes: 0