Enabling Anti-Virus on an S3 Bucket

Hi there

There isn't a managed service from AWS for S3 AntiVirus. However take a look at this previous re:post answer for some ideas. There are a few options on the AWS marketplace or you can build your own.

https://repost.aws/questions/QU-AQ_-MzFRsuSSBQC1W8KCw/how-to-exacute-virus-scan-before-uploading-the-file-to-the-s-3-bucket

Here are a couple of blog posts that cover how to do this:

Integrating Amazon S3 Virus Scanning into Your Application Workflow with Cloud Storage Security

Amazon S3 Malware Scanning Using Trend Micro Cloud One and AWS Security Hub

Virus scan S3 buckets with a serverless ClamAV based CDK construct

We offer a solution for you: bucketAV scans your S3 buckets for viruses, worms, and trojans. bucketAV detects malware in real-time, periodically, on-access, or on-demand. bucketAV is available in the AWS Marketplace. For your use case, I recommend to use two buckets—one for uploads and one for downloads. Clean files are moved from the staging bucket to the target bucket. Infected files are deleted or quarantined. More details: https://bucketav.com/help/use-cases/user-uploads.html#staging-bucket

Between your front end and the s3 bucket, there could be one step added: the uploaded file could be saved at a temporary location (say /tmp) and the front end can call a virus scan API server to perform the virus check.

The file scan before uploading to the s3 bucket can be done through the API Server available at the marketplace:

https://aws.amazon.com/marketplace/pp/prodview-giign63hhwqo6

More information can be found at

https://docs.elmcomputing.io/ami/x86/api_virus_scan_clamav.html