Primary Language: JavaScript

s3-malware-scanner

Uses the VirusTotal API to scan S3 files in a specified S3 bucket

Basic Workflow

[Figure: S3 Malware Scanner Architecture]


  • A Lambda trigger fires on any S3 Post/Put that adds an object to a specified bucket
  • A Lambda function queries the VirusTotal API and retrieves a scan URL
  • The scan URL is added to an SQS scan queue so that the results of the scan can be queried at a later interval
  • The SQS scan queue triggers a Lambda function that queries VirusTotal to gather the resulting scan report
  • Any suspicious files are added to an SQS quarantine queue for future deletion
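
The decision made in the last two workflow steps, as an added example that is not taken from this project's Lambda code. It assumes the VirusTotal v2 file-report fields (response_code, positives, total); the threshold, the 'release' action and the bucket and key names are hypothetical.

```javascript
// Added example: routing logic only; no AWS or VirusTotal calls are made.
// Field names follow the S3 event notification format and the VirusTotal
// v2 file-report response (response_code, positives, total), assumed here.

// Hypothetical threshold: engines that must flag a file before quarantine.
const QUARANTINE_THRESHOLD = 1;

// Extract bucket/key pairs from an S3 Put/Post event. S3 URL-encodes keys
// in notifications and uses '+' for spaces, so decode before any lookup.
function objectsFromS3Event(event) {
  return (event.Records || [])
    .filter((r) => r.eventSource === 'aws:s3' && r.s3)
    .map((r) => ({
      bucket: r.s3.bucket.name,
      key: decodeURIComponent(r.s3.object.key.replace(/\+/g, ' ')),
    }));
}

// Decide what the report-checking Lambda does with one scan-queue message.
// Returns { action, reason }; action is 'requeue', 'quarantine' or 'release'.
function routeReport(report, threshold = QUARANTINE_THRESHOLD) {
  // Malformed or missing response: fail closed and retry rather than release.
  if (!report || typeof report.response_code !== 'number') {
    return { action: 'requeue', reason: 'no usable report' };
  }
  // response_code 1 means a finished report is present; anything else
  // (queued or unknown) means the scan has not completed yet.
  if (report.response_code !== 1) {
    return { action: 'requeue', reason: 'scan not finished' };
  }
  if (!Number.isInteger(report.positives) || report.positives < 0) {
    return { action: 'requeue', reason: 'report missing positives' };
  }
  if (report.positives >= threshold) {
    return { action: 'quarantine', reason: `${report.positives}/${report.total} engines flagged` };
  }
  return { action: 'release', reason: 'no engine flagged the file' };
}

// Constructed sample inputs (not real events or scan results).
const sampleEvent = { Records: [{ eventSource: 'aws:s3',
  s3: { bucket: { name: 'example-upload-bucket' }, object: { key: 'incoming/q3+report%281%29.pdf' } } }] };
const sampleReports = [
  { response_code: -2 },
  { response_code: 1, positives: 0, total: 60 },
  { response_code: 1, positives: 7, total: 60 },
];
console.log(objectsFromS3Event(sampleEvent), sampleReports.map((r) => routeReport(r).action));
```

A report that is not ready or not parseable goes back on the scan queue instead of being treated as clean, which is what the delayed SQS check in the workflow exists for.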

Getting Started

These instructions will get you a copy of the project up and running on your AWS account.

Cloning

The build process of the application makes use of the AWS CodeBuild Docker Image Repository. This has been added as a submodule to the project's main repository. To automatically initialize and update each submodule in the repository, run the following command:

git clone --recurse-submodules https://github.com/labriffa/s3-malware-scanner.git

Lambda Functions

S3 Malware Scanner relies on a number of Lambda functions, which are available in the build directory of the application. The Lambda function zips should be added to the bucket specified by the S3MalwareLambdaBucketNameParameter upon creation of the CloudFormation stack.

Deployment via CloudFormation

aws --region ${AWS_REGION} cloudformation create-stack \
  --capabilities CAPABILITY_NAMED_IAM \
  --stack-name s3-malware-scanner-stack \
  --template-body file://initialize.json \
  --parameters \
    ParameterKey=S3MalwareUploadBucketNameParameter,ParameterValue=${SOURCE_BUCKET_NAME} \
    ParameterKey=S3MalwareLambdaBucketNameParameter,ParameterValue=${LAMBDA_BUCKET_NAME} \
    ParameterKey=TotalVirusApiKeyParameter,ParameterValue=${TOTALVIRUS_API_KEY}

Build Process

The project build process uses a number of build spec configuration files that automatically install and compress the necessary node module dependencies of the Lambda functions before uploading them to the designated S3 bucket reserved for the application's Lambda functions.

To execute the build process, run the following gulp command:

gulp build

Dependencies

  • request
  • dotenv

devDependencies

  • aws-sdk
  • gulp
  • gulp-awspublish
  • gulp-exec
  • mocha
  • chai

Author

  • Lewis Alberto Briffa