Setting Up ClamAV for AWS - File Scan

Georgios Philippou — Wed, 19 Feb 2025 18:20:16 +0000

Overview

This guide outlines the step-by-step process to set up ClamAV as an AWS Lambda layer. The steps are performed in AWS CloudShell, which runs on the same environment as AWS Lambda. By following these instructions, you'll be able to create a ClamAV layer for scanning files uploaded to S3 or other storage services.

Step 1: Install Required Binaries

1.1 Install ClamAV in CloudShell

First, install ClamAV:

sudo dnf install -y clamav clamav-update

1.2 Update ClamAV Virus Definitions

Run freshclam to download the latest virus signatures:

sudo freshclam

Step 2: Construct the Lambda Layer

2.1 Prepare ClamAV Files

Create a working directory for ClamAV files:

mkdir lambda_clamav
cd lambda_clamav

Copy necessary binaries:

cp /usr/bin/clamscan /usr/bin/freshclam .

2.2 Configure ClamAV

Generate the ClamAV configuration file:

clamconf -g freshclam.conf > freshclam.conf

Edit freshclam.conf to adjust settings:

Remove the Example line.
Change DatabaseDirectory from /var/lib/clamav to /tmp/ (Lambda only allows write access to /tmp).
Uncomment DatabaseMirror database.clamav.net.

2.3 Copy Required Shared Libraries

Check dependencies for clamscan and freshclam:

ldd clamscan
ldd freshclam

Copy all listed libraries to lambda_clamav.

2.4 Clean-Up Packages

To save space, and to test the layer without any conflicts, remove ClamAV after copying the necessary files:

sudo dnf remove -y clamav clamav-update

Step 3: Test ClamAV in CloudShell

3.1 Set the Library Path

Note that you will have to set the LD_LIBRARY_PATH within the Lambda function to point to the layer.

export LD_LIBRARY_PATH=/home/cloudshell-user/lambda_clamav:$LD_LIBRARY_PATH

3.2 Update Virus Definitions in CloudShell

./freshclam --config-file=/home/cloudshell-user/lambda_clamav/freshclam.conf

3.3 Perform a Test Scan

./clamscan --database=/tmp /path/to/test-file

Step 4: Package and Publish the Layer

4.1 Package the ClamAV Files

Navigate to the parent directory and zip the files:

cd ..
zip -r lambda_clamav.zip lambda_clamav/

4.2 Publish the Layer to AWS Lambda

aws lambda publish-layer-version \
    --layer-name clamav-layer \
    --zip-file fileb:///home/cloudshell-user/lambda_clamav.zip \
    --compatible-runtimes <the-lambda-runtime> \
    --region <your-region>

Lambda Configuration Considerations

Timeout: Allow enough time for the scans.
Memory (CPU Allocation): Set to 2048 MB, though actual usage may be lower. Test with sufficient resources and adjust as needed.
Layer Path in Lambda: The ClamAV layer will be accessible in /opt/lambda_clamav inside your Lambda function.

Final Notes

This guide should help you set up ClamAV for AWS Lambda efficiently. If you have questions or want to discuss the methodology I used within the Lambda function, feel free to reach out. 🚀

DEV Community: Georgios Philippou