- 最新
- 最多得票
- 最多評論
You can upload to a bucket and have a policy applied that prevents use of the file until it's been scanned. Add an S3 event configuration that triggers virus scanning automatically on uploaded objects, and then either tag or move objects once confirmed virus-free so they can be used by other applications. One way of doing that virus scanning is to queue events in SQS, and consume them via virus-scanning servers running in an EC2 auto-scaling group. This can be implemented using ClamAV in Python for example. I wouldn't recommend going fully serverless for this as there is considerable overhead in loading virus definitions.
Here are a couple of blog posts that cover how to do this:
Thank you for your response.
I watched the page 'Integrating Amazon S3 Virus Scanning into Your Application Workflow with Cloud Storage Security'. I think 'API-Driven Scanning' is the good way. Is there similar AWS service?
Scanning before upload is not simple to integrate. But what many of our customers do is to use two buckets—one for uploads and one for downloads. Uploads work in the exact same way as you outlined. Clean files are moved from the staging bucket to the target bucket. Infected files are deleted or quarantined. More details: https://bucketav.com/help/use-cases/user-uploads.html#staging-bucket
bucketAV scans your S3 buckets for viruses, worms, and trojans. bucketAV detects malware in real-time, periodically, on-access, or on-demand. bucketAV is available in the AWS Marketplace.
The file scan before uploading to the s3 bucket can be done through the API Server available at the marketplace:
https://aws.amazon.com/marketplace/pp/prodview-giign63hhwqo6
More information can be found at
https://docs.elmcomputing.io/ami/x86/api_virus_scan_clamav.html
Thank you for your response.
Is the method that you said the following? https://github.com/bluesentry/bucket-antivirus-function#deny-to-download-the-object-if-not-clean
By this method is it impossible to prevent uploadig the virus file to the S3 bucket?