DEV Community

Using Serverless to Scan Files with a ClamAV Lambda Layer

Joseph Sutton on August 12, 2021

Update: I've written how to do this with lambda containers as well! Let's create an environment that scans a file via an S3 event by utilizing Cla...
Matt Morgan

I googled this in a hackathon when I had no idea how I was gonna solve this problem, so big thanks ;)

BTW, I had to change freshclam.conf so DatabaseDirectory is /home/build/var/lib/clamav in order to get the Docker build to work. /opt/var/lib/clamav is still used in the Lambda function.

Joseph Sutton

Ah, good catch! Sorry, I've been inactive here in the midst of the holidays and switching jobs. Thanks for that, I'll update the code.

Rajashekhar29

Hi @matt Morgan
I still see /home/build/opt/var/lib/clamav in DatabaseDirectory. Should we change this to /home/build/var/lib/clamav?

redstone78 • Edited

Awesome article!! Do you have anything around updating the virus definitions on a daily basis?

Joseph Sutton • Edited

Easily updating them would potentially be expensive (because of the whole versioning shenanigans), because you'd have to redeploy the lambda layer each time. I'd recommend looking into an EC2 / Fargate solution for that and I have an article outlined that I need to actually write and push out. It's just very lengthy, and it's a lot of Terraform work to explain -- I'm working on splitting it up.

Muthu
Joseph Sutton

Yup, for a Python solution, that looks cool. Still limited by Lambda storage, funfortunately.

Kenneth

Great post! It was extremely helpful. For me, the code didn’t work for a Lambda runtime of NodeJS 18 or higher (not terribly surprising given the age of this article). Do you happen to know how the Docker file or ClamAV binaries would need to change in order to work with those newer runtimes?

Marcel Heinrich

I have the same problem! hehe. In my case, clamscan can't be executed inside of Lambda (/bin/sh: clamscan: command not found). But I tried it on Docker and it works.
If you can resolve it, please share here!

Comment deleted
Joseph Sutton

Looks like it can't find the file. Might have to reconfigure the path to get things to play nicely -- this article is over two years old, and I have no idea what OS you're running.