Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up

Multi Cloud Antivirus Scanning API using YARA and CLAMAV for AWS S3, Azure Blob Storage and GCP Cloud Storage

License

NotificationsYou must be signed in to change notification settings

cloudina/hawk

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Introduction

Multi Cloud antivirus scanning API based on CLAMAV and YARA for AWS S3, AZURE Blob Storage, GCP Cloud Storage.

Features

  • Microservice for scanning stream with YARA and CLAMAV
  • Scans S3 Bucket Object
  • Moves Clean S3 Objects to another S3 Bucket
  • Quarantines Infected S3 Objects to another S3 Bucket
  • CLAMAV DB auto is updated to latest
  • [TODO] AZURE and GCP support
  • [TODO] Merge Various YARA rules to one set
  • [TODO] Auto Update YARA rules
  • [TODO] Support Yextend
  • [TODO] Improve Logging using logrus [https://github.com/antonfisher/nested-logrus-formatter]
  • [TODO] Harden Image

API

Available API are

# Scan streamPOST /scanstream -d @file_to_scan# scan a file which is in s3 ( in scanning bucket )POST -d '{"bucketname": $S3_SCANNING_BUCKET, "key": $S3_OBJECT_TO_SCAN, "clean_files_bucket": $S3_CLEAN_FILES_BUCKET, "qurantine_files_bucket": $S3_QUARNTINE_FILES_BUCKET}' /s3/scanfile# list all loaded rulesetGET /ruleset/# list all rules from a loaded ruleGET /ruleset/{ruleset}# get metricsGET /metrics# get health info GET /health#get indexGET /

Installation

Automated builds of the image are available onRegistry and is the recommended method of installation.

docker pull hub.docker.com/cloudina/hawk:(imagetag)

The following image tags are available:

  • latest - Most recent release of ClamAV with REST API

Quick Start

Run hawk docker image:

docker run -p 9000:9999 -itd --name hawk cloudina/hawkdocker run -p 9000:9999 -v$HOME/.aws/credentials:/go/src/app/.aws/credentials:ro -itd --name hawk cloudina/hawk

Test that service detects common test virus signature:

EXAMPLES

# Request - Scanning a file from S3 , ./testsamples/request/s3filescan has config for s3curl --data"@./testsamples/request/s3filescan" http://0.0.0.0:9000/s3/scanfile -H'Content-Type: application/json'# Response{"filename":"stream","matches":[{"Rule":"Win.Test.EICAR_HDB-1","namespace":"","tags":null}],"status":"INFECTED"}%# Request - Uploading sample virus file to APIcurl --data"@./testsamples/scanfiles/eicar" http://0.0.0.0:9000/scanstream -H'Content-Type: application/json'# Response{"filename":"stream","matches":[{"Rule":"Win.Test.EICAR_HDB-1","namespace":"","tags":null}],"status":"INFECTED"}# Request - Uploading sample clean file to APIcurl --data"@./testsamples/scanfiles/hello.txt" http://0.0.0.0:9000/scanstream -H'Content-Type: application/json'# Response{"filename":"stream","matches":[],"status":"CLEAN"}

Networking

PortDescription
3310ClamD Listening Port
9999HAWK Container Port

Debug

For debugging the running container

dockerexec -it (whatever your container name is e.g. hawk) /bin/ash

Build

For building

docker build -t (whatever your image name is e.g. hawk).

Prebuild Image

docker pull cloudina/hawk

Acknowledgements

References

[8]ページ先頭
©2009-2025 Movatter.jp