By using AWS re:Post, you agree to the Terms of Use

How to exacute virus scan before uploading the file to the S3 bucket



I'll upload the file to the S3 bucket as following.

  1. I open the web page and click the upload button.
  2. The Lambda function generates a presigned URL for uploading objects.(background processing)
  3. The file is uploaded to the S3 bucket.

To prevent uploading the virus file, I want to check the file before uploading to the S3 bucket. AWS has no virus scan service.(AWS support said so)

Is there any method?


2 Answers

You can upload to a bucket and have a policy applied that prevents use of the file until it's been scanned. Add an S3 event configuration that triggers virus scanning automatically on uploaded objects, and then either tag or move objects once confirmed virus-free so they can be used by other applications. One way of doing that virus scanning is to queue events in SQS, and consume them via virus-scanning servers running in an EC2 auto-scaling group. This can be implemented using ClamAV in Python for example. I wouldn't recommend going fully serverless for this as there is considerable overhead in loading virus definitions.

answered 2 months ago
  • Thank you for your response.

    I watched the page 'Integrating Amazon S3 Virus Scanning into Your Application Workflow with Cloud Storage Security'. I think 'API-Driven Scanning' is the good way. Is there similar AWS service?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions