How to exacute virus scan before uploading the file to the S3 bucket

You can upload to a bucket and have a policy applied that prevents use of the file until it's been scanned. Add an S3 event configuration that triggers virus scanning automatically on uploaded objects, and then either tag or move objects once confirmed virus-free so they can be used by other applications. One way of doing that virus scanning is to queue events in SQS, and consume them via virus-scanning servers running in an EC2 auto-scaling group. This can be implemented using ClamAV in Python for example. I wouldn't recommend going fully serverless for this as there is considerable overhead in loading virus definitions.

Here are a couple of blog posts that cover how to do this:

• Integrating Amazon S3 Virus Scanning into Your Application Workflow with Cloud Storage Security
• Amazon S3 Malware Scanning Using Trend Micro Cloud One and AWS Security Hub

Scanning before upload is not simple to integrate. But what many of our customers do is to use two buckets—one for uploads and one for downloads. Uploads work in the exact same way as you outlined. Clean files are moved from the staging bucket to the target bucket. Infected files are deleted or quarantined. More details: https://bucketav.com/help/use-cases/user-uploads.html#staging-bucket

bucketAV scans your S3 buckets for viruses, worms, and trojans. bucketAV detects malware in real-time, periodically, on-access, or on-demand. bucketAV is available in the AWS Marketplace.

The file scan before uploading to the s3 bucket can be done through the API Server available at the marketplace:

https://aws.amazon.com/marketplace/pp/prodview-giign63hhwqo6

More information can be found at

https://docs.elmcomputing.io/ami/x86/api_virus_scan_clamav.html