The aim of this project is to provide an antivirus scan tool that checks files uploaded to AWS S3 buckets, using an AWS Lambda function and the free ClamAV antivirus.
This project is based on bucket-antivirus-function which is a ClamAV antivirus AWS Lambda wrapper function written in Python.
Serverless Framework is used to deploy the code to the AWS infrastructure.
AWS S3 buckets to be included in the scan:
- arn:aws:s3:::getsidekicker.com-public
- arn:aws:s3:::getsidekicker.com-sensitive
The project consists of two main services:
- update: AWS Lambda Function to update the antivirus definition files
- scan: Virus scanner AWS Lambda Function
When a file is uploaded to one of the buckets, an event is triggered that runs the scanner against the uploaded file. If the file is infected, the scanner function sends an alert message to the "AWS Alert" channel on Slack.
In addition, it can block file downloads from S3. This behavior is to be decided.
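The upload-to-alert flow described above, as an added Python example that is not this project's or the upstream function's own code. The function names, the Slack message text and the sample event are constructed for illustration, and the `av-status` / `INFECTED` tag is assumed to follow the upstream bucket-antivirus-function defaults.

```python
from urllib.parse import unquote_plus

# Assumption: tag name and value follow the upstream bucket-antivirus-function defaults.
AV_STATUS_TAG = "av-status"
AV_INFECTED = "INFECTED"

def uploaded_objects(event):
    """Yield (bucket, key) for each ObjectCreated record in an S3 notification."""
    for record in event.get("Records", []):
        if not record.get("eventName", "").startswith("ObjectCreated"):
            continue  # ignore deletes and other event types
        s3 = record["s3"]
        # S3 URL-encodes keys in notifications ("a b.txt" arrives as "a+b.txt").
        yield s3["bucket"]["name"], unquote_plus(s3["object"]["key"])

def slack_alert(bucket, key, signature):
    """Payload for a Slack incoming webhook bound to the alert channel (hypothetical text)."""
    return {"text": f":warning: Infected upload: s3://{bucket}/{key} ({signature})"}

def deny_infected_policy(bucket):
    """Bucket policy that blocks downloads of objects tagged as infected."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyInfectedDownload",
            "Effect": "Deny",
            "Principal": "*",  # applies to every principal; exempt roles deliberately
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"StringEquals": {
                f"s3:ExistingObjectTag/{AV_STATUS_TAG}": AV_INFECTED}},
        }],
    }

# Constructed sample event, not captured from a real bucket.
SAMPLE_EVENT = {"Records": [
    {"eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "getsidekicker.com-public"},
            "object": {"key": "uploads/my+cv%281%29.pdf"}}},
    {"eventName": "ObjectRemoved:Delete",
     "s3": {"bucket": {"name": "getsidekicker.com-public"},
            "object": {"key": "uploads/old.pdf"}}},
]}

if __name__ == "__main__":
    for bucket, key in uploaded_objects(SAMPLE_EVENT):
        print(slack_alert(bucket, key, "constructed-signature"))
        print(deny_infected_policy(bucket))
```

A tag-based deny only takes effect after the scanner has tagged the object, so a file remains downloadable between upload and the end of the scan.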
After building the function from the source the output Lambda Function should be used
1. Install Serverless CLI as described here.
2. Configure AWS credentials as described here.
3. Run:

   ```bash
   $ serverless deploy --aws-profile engineering
   ```

Note: The --aws-profile engineering parameter might be different depending on step 2.
It's only possible to configure one bucket per function using the same event type, so the getsidekicker.com-public bucket event was manually configured to trigger a scan on object creation.
Use the EICAR ANTI MALWARE TEST FILE to download a "test virus" and do a real-world test.
The EICAR file is non-viral but is detected by antivirus software as if it were a virus.