Skip to content

alonrolnik/VT

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
 
 
 
 

Repository files navigation

High-level design

image

Designing a scalable VirusTotal clone involves understanding the core functionality, defining the system architecture, and planning for performance, security, and fault tolerance. Below is a detailed proposal addressing each of the outlined goals.

1. Core Functionality

VirusTotal allows users to upload files and URLs to scan them for malware using various antivirus engines and scripts that extract metadata. The results are then displayed to the user. The architecture needs to support these capabilities at scale.

2. System Architecture Overview

a. Components

  1. Frontend

    • Purpose: User interface for uploading files, viewing results, and managing user accounts.
    • Technology: React.js or Angular for the web app, native or cross-platform (Flutter/React Native) for mobile apps.
  2. Backend

    • API Gateway: Manages incoming requests, routes them to the appropriate services, and provides API access for third-party integrations.
    • File Processing and API Service: Handles file uploads and API, distributing the work to the scanners.
    • metadata scripts folder: a shared folder per OS of all the vendors and their scripts, adding/updating a new vendor is easy and requires only updating the files folder, this folder is mounted by the scanners.
    • Scanners: Linux/Microsoft Containers that scan the files, upload them to the object store, and save the scan metadata results to the DB.
    • Task Queue: Uses Celery with RabbitMQ to manage and distribute file scanning tasks.
    • Result Storage Service: Stores scan results and metadata in a scalable database.
    • Statistics Service: Using Grafana cloud as a holistic solution, tracks system metrics, user activity, and scan statistics.
  3. Data Storage

    • Metadata Storage: SQL database (e.g., PostgreSQL) for storing structured data like scan results, user data, and scan history.
    • File Storage: Object storage (e.g., AWS S3) for storing uploaded files.
    • Caching: Redis for caching frequently accessed data and improving performance.
  4. Scalability Components

    • Load Balancer: Distributes incoming traffic across multiple backend servers to ensure high availability.
    • Auto-scaling: Automatically scales the number of servers based on traffic and load.
  5. Security

    • Authentication and Authorization: JWT for user sessions, OAuth2 for third-party API access.
    • Rate Limiting: To prevent abuse and ensure fair usage of the API.

b. Workflow

  1. File/URL Submission:

    • A user uploads a file or submits a URL via the FE or the API to the API gateway.
  2. Task Distribution:

    • The API Gateway forwards the file/URL to the File Processing Service.
    • The File Processing Service pushes the task into the RabbitMQ queue.
  3. File Processing:

    • Celery workers pull tasks from the queue, process files/URLs, run virus scans, and extract metadata.
    • Results are stored in the database, and files are stored in object storage.
  4. Result Retrieval:

    • The user can query the scan results via the FE or the API.
    • Cached results are served quickly from Redis if available.

3. Data Storage and Management

a. Data Storage

  1. Metadata Storage:

    • Relational Database (PostgreSQL): Stores structured data such as user information, scan results, and historical records.
    • Partitioning: Table partitioning by date or user ID to optimize query performance.
  2. File Storage:

    • Object Storage (AWS S3/Google Cloud Storage): Stores large files, providing durability, availability, and scalability.
  3. Caching:

    • Redis/Memcached: Caches frequently accessed data such as recent scan results, improving response times.

b. Data Routing, Sharding, and Partitioning

  1. Data Routing:

    • Use a load balancer to distribute incoming API requests across multiple instances of the backend services.
  2. Sharding:

    • Shard the database by user ID or other logical keys to distribute data across multiple database instances, ensuring scalability.
  3. Partitioning:

    • Implement table partitioning based on time (e.g., monthly partitions) to manage large datasets efficiently and improve query performance.

4. Failure Handling

  1. Redundancy:

    • Use redundant servers for the backend and Celery workers to ensure no single point of failure.
  2. Task Reprocessing:

    • If a scan task fails, it is re-queued for processing. Celery workers can retry tasks a specified number of times before flagging them as failed, after the threshold, they can be stored in DLQ.
  3. Circuit Breaker Pattern:

    • Implement circuit breakers in the API Gateway to prevent cascading failures when external services (e.g., VirusTotal API) are down.
  4. Monitoring and Alerts:

    • Use tools like Prometheus and Grafana to monitor system health, with alerts configured for failures or performance issues.

5. Metrics and Statistics

  1. Metrics to Track:

    • User Metrics: Number of users, active users, daily uploads, etc.
    • Performance Metrics: Average processing time per file, queue length, server response times.
    • System Health: CPU/memory usage, disk I/O, error rates, service availability.
    • Scans: Number of scans per day, success/failure rates, detection rates by engine.
  2. Storing Metrics:

    • Time-Series Database (e.g., Prometheus): Store metrics for long-term analysis and monitoring.
    • Logging: Store detailed logs in a centralized logging service (e.g., ELK Stack or Splunk) for debugging and audit purposes.

6. Third-Party API

a. API Endpoints

  1. File Upload

    • Endpoint: POST /api/v1/files
    • Description: Uploads a file for scanning.
    • Request: File in multipart/form-data.
    • Response: Scan ID, upload timestamp, and status.
  2. URL Submission

    • Endpoint: POST /api/v1/urls
    • Description: Submits a URL for scanning.
    • Request: JSON with the URL.
    • Response: Scan ID, submission timestamp, and status.
  3. Retrieve Scan Results

    • Endpoint: GET /api/v1/results/{scan_id}
    • Description: Retrieves the scan results for a given scan ID.
    • Response: JSON with detailed scan results, including detection engines, metadata, and scan status.
  4. User History

    • Endpoint: GET /api/v1/history
    • Description: Retrieves the history of scans performed by the user.
    • Response: JSON list of scan records.

b. Authentication

  • User Authentication: JWT for session management.
  • API Key Management: Auth0 for third-party API access. Each application using the API must be registered and issued an API key.

7. Sample API Request/Response

File Upload Request:

POST /api/v1/files HTTP/1.1
Host: yourservice.com
Authorization: Bearer user_jwt_token
Content-Type: multipart/form-data

{
  "file": <file_to_upload>
}

File Upload Response:

{
  "status": "success",
  "scan_id": "abcd1234",
  "upload_time": "2024-09-06T14:30:00Z",
  "scan_status": "in_progress"
}

Retrieve Scan Results Request:

GET /api/v1/results/abcd1234 HTTP/1.1
Host: yourservice.com
Authorization: Bearer user_jwt_token

Retrieve Scan Results Response:

{
  "scan_id": "abcd1234",
  "scan_status": "completed",
  "file_name": "example.txt",
  "scan_date": "2024-09-06T14:35:00Z",
  "results": {
    "malicious": 3,
    "undetected": 57,
    "total_engines": 60,
    "details": {
      "EngineA": "malicious",
      "EngineB": "clean",
      "EngineC": "undetected"
    }
  },
  "scan_url": "https://yourservice.com/results/abcd1234"
}

8. Scalability and Performance Considerations

  1. Horizontal Scaling:

    • Scale backend services horizontally by adding more instances based on demand.
    • Use container orchestration tools like Kubernetes to manage scaling and deployment.
  2. Auto-scaling and Load Balancing:

    • Implement auto-scaling policies based on metrics like CPU usage, memory consumption, and request rates.
    • Use load balancers (e.g., AWS Elastic Load Balancer) to distribute traffic evenly.
  3. Efficient File Processing:

    • Optimize file processing by parallelizing tasks and using efficient libraries.
    • Use asynchronous task processing with Celery to handle high workloads.
  4. Data Partitioning and Sharding:

    • Use sharding and partitioning strategies to distribute data across multiple databases, improving read/write performance.
  5. Caching Frequently Accessed Data:

    • Cache scan results and metadata to reduce database load and improve response times.

This architecture and workflow design aims to handle millions of users per day while ensuring system reliability, scalability, and performance. The detailed focus on components, failure handling, and metrics tracking ensures that the system can grow and adapt to increased demand while maintaining high availability and security.

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors