From 734710b93f5c95dca697dc689e268080200e8b70 Mon Sep 17 00:00:00 2001 From: Sergey Orlov Date: Tue, 25 Aug 2020 23:52:03 +0700 Subject: [PATCH] Add AV_SCAN_FORCE_ALL flag to force scan all (even checked) files This is useful when AV is used for quarterly security reports when it's required to check all the files in buckets with actual av definitions --- README.md | 1 + common.py | 1 + scan_bucket.py | 9 ++++++--- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e0ce5cb6..356b41d9 100644 --- a/README.md +++ b/README.md @@ -261,6 +261,7 @@ the table below for reference. | AV_DEFINITION_PATH | Path containing files at runtime | /tmp/clamav_defs | No | | AV_SCAN_START_SNS_ARN | SNS topic ARN to publish notification about start of scan | | No | | AV_SCAN_START_METADATA | The tag/metadata indicating the start of the scan | av-scan-start | No | +| AV_SCAN_FORCE_ALL | Controls whenever manual bucket scan should skip already scanned files (True - don't skip) | False | No | AV_SIGNATURE_METADATA | The tag/metadata name representing file's AV type | av-signature | No | | AV_STATUS_CLEAN | The value assigned to clean items inside of tags/metadata | CLEAN | No | | AV_STATUS_INFECTED | The value assigned to clean items inside of tags/metadata | INFECTED | No | diff --git a/common.py b/common.py index 9e95af96..c1d362c9 100644 --- a/common.py +++ b/common.py @@ -23,6 +23,7 @@ AV_DEFINITION_PATH = os.getenv("AV_DEFINITION_PATH", "/tmp/clamav_defs") AV_SCAN_START_SNS_ARN = os.getenv("AV_SCAN_START_SNS_ARN") AV_SCAN_START_METADATA = os.getenv("AV_SCAN_START_METADATA", "av-scan-start") +AV_SCAN_FORCE_ALL = os.getenv("AV_SCAN_FORCE_ALL", "False") AV_SIGNATURE_METADATA = os.getenv("AV_SIGNATURE_METADATA", "av-signature") AV_SIGNATURE_OK = "OK" AV_SIGNATURE_UNKNOWN = "UNKNOWN" diff --git a/scan_bucket.py b/scan_bucket.py index 6043ffb0..b2c4965a 100755 --- a/scan_bucket.py +++ b/scan_bucket.py 
@@ -19,15 +19,17 @@ import json import sys +from distutils.util import strtobool + import boto3 from common import AV_STATUS_METADATA from common import AV_TIMESTAMP_METADATA +from common import AV_SCAN_FORCE_ALL # Get all objects in an S3 bucket that have not been previously scanned def get_objects(s3_client, s3_bucket_name): - s3_object_list = [] s3_list_objects_result = {"IsTruncated": True} @@ -42,7 +44,9 @@ def get_objects(s3_client, s3_bucket_name): for key in s3_list_objects_result["Contents"]: key_name = key["Key"] # Don't include objects that have been scanned - if not object_previously_scanned(s3_client, s3_bucket_name, key_name): + if strtobool(AV_SCAN_FORCE_ALL) or not object_previously_scanned( + s3_client, s3_bucket_name, key_name + ): s3_object_list.append(key_name) return s3_object_list @@ -62,7 +66,6 @@ def object_previously_scanned(s3_client, s3_bucket_name, key_name): # Scan an S3 object for viruses by invoking the lambda function # Skip any objects that have already been scanned def scan_object(lambda_client, lambda_function_name, s3_bucket_name, key_name): - print("Scanning: {}/{}".format(s3_bucket_name, key_name)) s3_event = format_s3_event(s3_bucket_name, key_name) lambda_invoke_result = lambda_client.invoke(
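Review bot: The added `from distutils.util import strtobool` import ties scan_bucket.py to a module that PEP 632 deprecated and Python 3.12 removed, so on a current interpreter the script fails at import time before any object is listed. A small local parser, used at the call site in the second hunk as `_parse_bool(AV_SCAN_FORCE_ALL)`, accepts the same values without the dependency. It should keep raising on unrecognised input rather than defaulting to False, because a typo in AV_SCAN_FORCE_ALL would otherwise silently turn a full scan back into one that skips already-tagged objects.

```python
# Same accepted spellings as distutils.util.strtobool.
_TRUE_VALUES = frozenset({"y", "yes", "t", "true", "on", "1"})
_FALSE_VALUES = frozenset({"n", "no", "f", "false", "off", "0"})


def _parse_bool(value):
    normalized = value.lower()
    if normalized in _TRUE_VALUES:
        return True
    if normalized in _FALSE_VALUES:
        return False
    # Fail loudly: a mistyped flag must not quietly disable the forced scan.
    raise ValueError("invalid truth value {!r}".format(value))
```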
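Review bot: `strtobool(AV_SCAN_FORCE_ALL)` sits inside the `for key in s3_list_objects_result["Contents"]` loop, so the environment string is re-parsed for every object, and an invalid value raises ValueError only once iteration has started (presumably after the first listing request, which is outside the hunk). Parse it once before the loop with `force_all = bool(strtobool(AV_SCAN_FORCE_ALL))` and test `if force_all or not object_previously_scanned(s3_client, s3_bucket_name, key_name):`. The commit message says the flag exists for periodic full scans used in security reports, so printing the effective mode once, e.g. `print("Force scan of all objects: {}".format(force_all))`, would leave evidence in the run output that no object was skipped. The body of get_objects starts and ends outside this hunk.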