We've a requirement to scan the files uploaded by the user and check if it has virus and then tag it as infected. I checked few blogs and other stackoverflow answers and got to know that we can use calmscan for the same.
However, I'm confused on what should be the path for virus scan in clamscan config. Also, is there tutorial that I can refer to. Our application backend is in Node.js.
I'm open to other libraries/services as well
On
Hard to say without further info (i.e the architecture your code runs on, etc).
I would say the easiest possible way to achieve what you want is to hook up a trigger on every PUT event on your S3 Bucket. I have never used any virus scan tool, but I believe that all of them run as a daemon within a server, so you could subscribe an SQS Queue to your S3 Bucket event and have a server (which could be an EC2 instance or an ECS task) with a virus scan tool installed poll the SQS queue for new messages.
Once the message is processed and a vulnerability is detected, you could simply invoke the putObjectTagging API on the malicious object.
On
You can check this solution by AWS, it will give you an idea of a similar architecture: https://aws.amazon.com/blogs/developer/virus-scan-s3-buckets-with-a-serverless-clamav-based-cdk-construct/
We have been doing something similar, but in our case, its before the file storing in
S3. Which is OK, I think, solution would still works for you.We have one EC2 instance where we have installed the
clamav. Then written a web-service that accepts Multi-part file and take that file content and internally invokesClamAvcommand for scanning that file. In response that service returns whether the file isInfectedornot.Your solution, could be,
virus scan service).virus scan serviceby passing the content.Virus Scan serviceresponse, tag your S3 file appropriately.If your open for paid service too, then in above the steps, #1 won't be applicable, replace the just the call the Virus-Scan service of
Symantecor other such providers etc.I hope it helps.