based on https://github.com/sutt0n/serverless-clamav-lambda-layer
git clone https://github.com/bcgov/CONN-ClamAV-scan
./build.sh
After a successful build.sh run, the archive clamav_lambda_layer.zip is generated in the ./layer folder.
The archive does not contain virus definitions and can therefore be included in the Terraform lambda deployment script.
Using the AWS console (or Terraform, Serverless, CloudFormation or SAM), create two lambdas that use the same lambda layer generated by this project. Both lambdas can use the same handler.js; they just call the handler.virusScan and handler.updateDb functions respectively. The first lambda can be triggered by an S3 PutObject event; the second lambda can be triggered by a CloudWatch event at a specified interval to keep the virus definitions up-to-date.
handler.js is provided as an example only. The code invokes the clamscan and freshclam executables in the /bin folder of the layer.
- Error "Error while loading shared libraries: libcurl.so.4: cannot open shared object file: No such file or directory".
  The error happens because clamscan and freshclam require the environment variable LD_LIBRARY_PATH to be set. Example:
  LD_LIBRARY_PATH=/opt/lib clamscan -v --database=/tmp/clamav /tmp/${record.s3.object.key}
- File scanning or definition update lambdas run indefinitely.
  This happens because the process requires more RAM or ephemeral storage. Recommended values: 2048 MB for each.
- Definition update lambda fails due to an access denied error.
  This happens because by default freshclam attempts to use the /opt/var/lib/clamav location. To fix the issue, provide the --database=/tmp/clamav parameter; /tmp is the only writable location that can be used by a lambda.