# cdk-serverless-clamscan
[](https://badge.fury.io/js/cdk-serverless-clamscan)
[](https://badge.fury.io/py/cdk-serverless-clamscan)
An [aws-cdk](https://github.com/aws/aws-cdk) construct that uses [ClamAV®](https://www.clamav.net/) to scan newly uploaded objects to Amazon S3 for viruses. The construct provides a flexible interface for a system to act based on the results of a ClamAV virus scan. Check out this [blogpost](https://aws.amazon.com/blogs/developer/virus-scan-s3-buckets-with-a-serverless-clamav-based-cdk-construct/) for a guided walkthrough.
## Pre-Requisites
**Docker:** The ClamAV Lambda functions utilizes a [container image](https://aws.amazon.com/blogs/aws/new-for-aws-lambda-container-image-support/) that is built locally using [docker bundling](https://aws.amazon.com/blogs/devops/building-apps-with-aws-cdk/)
## Examples
This project uses [projen](https://github.com/projen/projen) and thus all the constructs follow language specific standards and naming patterns. For more information on how to translate the following examples into your desired language read the CDK guide on [Translating TypeScript AWS CDK code to other languages](https://docs.aws.amazon.com/cdk/latest/guide/multiple_languages.html)
### Example 1. (Default destinations with rule target)
<details><summary>typescript</summary>
<p>
```python
import { RuleTargetInput } from 'aws-cdk-lib/aws-events';
import { SnsTopic } from 'aws-cdk-lib/aws-events-targets';
import { Bucket } from 'aws-cdk-lib/aws-s3';
import { Topic } from 'aws-cdk-lib/aws-sns';
import { Stack, StackProps } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { ServerlessClamscan } from 'cdk-serverless-clamscan';
export class CdkTestStack extends Stack {
constructor(scope: Construct, id: string, props?: StackProps) {
super(scope, id, props);
const bucket_1 = new Bucket(this, 'rBucket1');
const bucket_2 = new Bucket(this, 'rBucket2');
const bucketList = [bucket_1, bucket_2];
const sc = new ServerlessClamscan(this, 'rClamscan', {
buckets: bucketList,
});
const bucket_3 = new Bucket(this, 'rBucket3');
sc.addSourceBucket(bucket_3);
const infectedTopic = new Topic(this, 'rInfectedTopic');
sc.infectedRule?.addTarget(
new SnsTopic(infectedTopic, {
message: RuleTargetInput.fromEventPath(
'$.detail.responsePayload.message',
),
}),
);
}
}
```
</p>
</details><details><summary>python</summary>
<p>
```python
from aws_cdk import (
Stack,
aws_events as events,
aws_events_targets as events_targets,
aws_s3 as s3,
aws_sns as sns
)
from cdk_serverless_clamscan import ServerlessClamscan
from constructs import Construct
class CdkTestStack(Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
bucket_1 = s3.Bucket(self, "rBucket1")
bucket_2 = s3.Bucket(self, "rBucket2")
bucketList = [ bucket_1, bucket_2 ]
sc = ServerlessClamscan(self, "rClamScan",
buckets=bucketList,
)
bucket_3 = s3.Bucket(self, "rBucket3")
sc.add_source_bucket(bucket_3)
infected_topic = sns.Topic(self, "rInfectedTopic")
if sc.infected_rule != None:
sc.infected_rule.add_target(
events_targets.SnsTopic(
infected_topic,
message=events.RuleTargetInput.from_event_path('$.detail.responsePayload.message'),
)
)
```
</p>
</details>
### Example 2. (Bring your own destinations)
<details><summary>typescript</summary>
<p>
```python
import {
SqsDestination,
EventBridgeDestination,
} from 'aws-cdk-lib/aws-lambda-destinations';
import { Bucket } from 'aws-cdk-lib/aws-s3';
import { Queue } from 'aws-cdk-lib/aws-sqs';
import { Stack, StackProps } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { ServerlessClamscan } from 'cdk-serverless-clamscan';
export class CdkTestStack extends Stack {
constructor(scope: Construct, id: string, props?: StackProps) {
super(scope, id, props);
const bucket_1 = new Bucket(this, 'rBucket1');
const bucket_2 = new Bucket(this, 'rBucket2');
const bucketList = [bucket_1, bucket_2];
const queue = new Queue(this, 'rQueue');
const sc = new ServerlessClamscan(this, 'default', {
buckets: bucketList,
onResult: new EventBridgeDestination(),
onError: new SqsDestination(queue),
});
const bucket_3 = new Bucket(this, 'rBucket3');
sc.addSourceBucket(bucket_3);
}
}
```
</p>
</details><details><summary>python</summary>
<p>
```python
from aws_cdk import (
Stack,
aws_lambda_destinations as lambda_destinations,
aws_s3 as s3,
aws_sqs as sqs
)
from cdk_serverless_clamscan import ServerlessClamscan
from constructs import Construct
class CdkTestStack(Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
bucket_1 = s3.Bucket(self, "rBucket1")
bucket_2 = s3.Bucket(self, "rBucket2")
bucketList = [ bucket_1, bucket_2 ]
queue = sqs.Queue(self, "rQueue")
sc = ServerlessClamscan(self, "rClamScan",
buckets=bucketList,
on_result=lambda_destinations.EventBridgeDestination(),
on_error=lambda_destinations.SqsDestination(queue),
)
bucket_3 = s3.Bucket(self, "rBucket3")
sc.add_source_bucket(bucket_3)
```
</p>
</details>
## Operation and Maintenance
When ClamAV publishes updates to the scanner you will see “Your ClamAV installation is OUTDATED” in your scan results. While the construct creates a system to keep the database definitions up to date, you must update the scanner to detect all the latest Viruses.
Update the docker images of the Lambda functions with the latest version of ClamAV by re-running `cdk deploy`.
## API Reference
See [API.md](./API.md).
## Contributing
See [CONTRIBUTING](./CONTRIBUTING.md) for more information.
## License
This project is licensed under the Apache-2.0 License.
Raw data
{
"_id": null,
"home_page": "https://github.com/awslabs/cdk-serverless-clamscan",
"name": "cdk-serverless-clamscan",
"maintainer": null,
"docs_url": null,
"requires_python": "~=3.8",
"maintainer_email": null,
"keywords": null,
"author": "Amazon Web Services<donti@amazon.com>",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/26/fb/5b6ff57c59db82992f67594c07c96721e68d7253a9a1c973367c2a69fa0e/cdk-serverless-clamscan-2.6.160.tar.gz",
"platform": null,
"description": "# cdk-serverless-clamscan\n\n[](https://badge.fury.io/js/cdk-serverless-clamscan)\n[](https://badge.fury.io/py/cdk-serverless-clamscan)\n\nAn [aws-cdk](https://github.com/aws/aws-cdk) construct that uses [ClamAV\u00ae](https://www.clamav.net/) to scan newly uploaded objects to Amazon S3 for viruses. The construct provides a flexible interface for a system to act based on the results of a ClamAV virus scan. Check out this [blogpost](https://aws.amazon.com/blogs/developer/virus-scan-s3-buckets-with-a-serverless-clamav-based-cdk-construct/) for a guided walkthrough.\n\n\n\n## Pre-Requisites\n\n**Docker:** The ClamAV Lambda functions utilizes a [container image](https://aws.amazon.com/blogs/aws/new-for-aws-lambda-container-image-support/) that is built locally using [docker bundling](https://aws.amazon.com/blogs/devops/building-apps-with-aws-cdk/)\n\n## Examples\n\nThis project uses [projen](https://github.com/projen/projen) and thus all the constructs follow language specific standards and naming patterns. For more information on how to translate the following examples into your desired language read the CDK guide on [Translating TypeScript AWS CDK code to other languages](https://docs.aws.amazon.com/cdk/latest/guide/multiple_languages.html)\n\n### Example 1. (Default destinations with rule target)\n\n<details><summary>typescript</summary>\n<p>\n\n```python\nimport { RuleTargetInput } from 'aws-cdk-lib/aws-events';\nimport { SnsTopic } from 'aws-cdk-lib/aws-events-targets';\nimport { Bucket } from 'aws-cdk-lib/aws-s3';\nimport { Topic } from 'aws-cdk-lib/aws-sns';\nimport { Stack, StackProps } from 'aws-cdk-lib';\nimport { Construct } from 'constructs';\nimport { ServerlessClamscan } from 'cdk-serverless-clamscan';\n\nexport class CdkTestStack extends Stack {\n constructor(scope: Construct, id: string, props?: StackProps) {\n super(scope, id, props);\n\n const bucket_1 = new Bucket(this, 'rBucket1');\n const bucket_2 = new Bucket(this, 'rBucket2');\n const bucketList = [bucket_1, bucket_2];\n const sc = new ServerlessClamscan(this, 'rClamscan', {\n buckets: bucketList,\n });\n const bucket_3 = new Bucket(this, 'rBucket3');\n sc.addSourceBucket(bucket_3);\n const infectedTopic = new Topic(this, 'rInfectedTopic');\n sc.infectedRule?.addTarget(\n new SnsTopic(infectedTopic, {\n message: RuleTargetInput.fromEventPath(\n '$.detail.responsePayload.message',\n ),\n }),\n );\n }\n}\n```\n\n</p>\n</details><details><summary>python</summary>\n<p>\n\n```python\nfrom aws_cdk import (\n Stack,\n aws_events as events,\n aws_events_targets as events_targets,\n aws_s3 as s3,\n aws_sns as sns\n)\nfrom cdk_serverless_clamscan import ServerlessClamscan\nfrom constructs import Construct\n\nclass CdkTestStack(Stack):\n\n def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:\n super().__init__(scope, construct_id, **kwargs)\n\n bucket_1 = s3.Bucket(self, \"rBucket1\")\n bucket_2 = s3.Bucket(self, \"rBucket2\")\n bucketList = [ bucket_1, bucket_2 ]\n sc = ServerlessClamscan(self, \"rClamScan\",\n buckets=bucketList,\n )\n bucket_3 = s3.Bucket(self, \"rBucket3\")\n sc.add_source_bucket(bucket_3)\n infected_topic = sns.Topic(self, \"rInfectedTopic\")\n if sc.infected_rule != None:\n sc.infected_rule.add_target(\n events_targets.SnsTopic(\n infected_topic,\n message=events.RuleTargetInput.from_event_path('$.detail.responsePayload.message'),\n )\n )\n```\n\n</p>\n</details>\n\n### Example 2. (Bring your own destinations)\n\n<details><summary>typescript</summary>\n<p>\n\n```python\nimport {\n SqsDestination,\n EventBridgeDestination,\n} from 'aws-cdk-lib/aws-lambda-destinations';\nimport { Bucket } from 'aws-cdk-lib/aws-s3';\nimport { Queue } from 'aws-cdk-lib/aws-sqs';\nimport { Stack, StackProps } from 'aws-cdk-lib';\nimport { Construct } from 'constructs';\nimport { ServerlessClamscan } from 'cdk-serverless-clamscan';\n\nexport class CdkTestStack extends Stack {\n constructor(scope: Construct, id: string, props?: StackProps) {\n super(scope, id, props);\n\n const bucket_1 = new Bucket(this, 'rBucket1');\n const bucket_2 = new Bucket(this, 'rBucket2');\n const bucketList = [bucket_1, bucket_2];\n const queue = new Queue(this, 'rQueue');\n const sc = new ServerlessClamscan(this, 'default', {\n buckets: bucketList,\n onResult: new EventBridgeDestination(),\n onError: new SqsDestination(queue),\n });\n const bucket_3 = new Bucket(this, 'rBucket3');\n sc.addSourceBucket(bucket_3);\n }\n}\n```\n\n</p>\n</details><details><summary>python</summary>\n<p>\n\n```python\nfrom aws_cdk import (\n Stack,\n aws_lambda_destinations as lambda_destinations,\n aws_s3 as s3,\n aws_sqs as sqs\n)\nfrom cdk_serverless_clamscan import ServerlessClamscan\nfrom constructs import Construct\n\nclass CdkTestStack(Stack):\n\n def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:\n super().__init__(scope, construct_id, **kwargs)\n\n bucket_1 = s3.Bucket(self, \"rBucket1\")\n bucket_2 = s3.Bucket(self, \"rBucket2\")\n bucketList = [ bucket_1, bucket_2 ]\n queue = sqs.Queue(self, \"rQueue\")\n sc = ServerlessClamscan(self, \"rClamScan\",\n buckets=bucketList,\n on_result=lambda_destinations.EventBridgeDestination(),\n on_error=lambda_destinations.SqsDestination(queue),\n )\n bucket_3 = s3.Bucket(self, \"rBucket3\")\n sc.add_source_bucket(bucket_3)\n```\n\n</p>\n</details>\n\n## Operation and Maintenance\n\nWhen ClamAV publishes updates to the scanner you will see \u201cYour ClamAV installation is OUTDATED\u201d in your scan results. While the construct creates a system to keep the database definitions up to date, you must update the scanner to detect all the latest Viruses.\n\nUpdate the docker images of the Lambda functions with the latest version of ClamAV by re-running `cdk deploy`.\n\n## API Reference\n\nSee [API.md](./API.md).\n\n## Contributing\n\nSee [CONTRIBUTING](./CONTRIBUTING.md) for more information.\n\n## License\n\nThis project is licensed under the Apache-2.0 License.\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "Serverless architecture to virus scan objects in Amazon S3.",
"version": "2.6.160",
"project_urls": {
"Homepage": "https://github.com/awslabs/cdk-serverless-clamscan",
"Source": "https://github.com/awslabs/cdk-serverless-clamscan"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "2ca94a70ee4413c97750d00c45eddca3ebe9761b2f5594c448e808242247b01a",
"md5": "04fa079e18341006d4b0d1953dbecb4e",
"sha256": "4722ec886efd0761a55e82ddad337ecc2644da29690e1199693a630dd1da6ed5"
},
"downloads": -1,
"filename": "cdk_serverless_clamscan-2.6.160-py3-none-any.whl",
"has_sig": false,
"md5_digest": "04fa079e18341006d4b0d1953dbecb4e",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "~=3.8",
"size": 152484,
"upload_time": "2024-04-25T00:26:34",
"upload_time_iso_8601": "2024-04-25T00:26:34.152297Z",
"url": "https://files.pythonhosted.org/packages/2c/a9/4a70ee4413c97750d00c45eddca3ebe9761b2f5594c448e808242247b01a/cdk_serverless_clamscan-2.6.160-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "26fb5b6ff57c59db82992f67594c07c96721e68d7253a9a1c973367c2a69fa0e",
"md5": "7a62bb26877d6ea9add6815c569834b6",
"sha256": "1243ea74055b686cc5d3b48ffa5b097a1803b85255cb179298e79a9b7902914a"
},
"downloads": -1,
"filename": "cdk-serverless-clamscan-2.6.160.tar.gz",
"has_sig": false,
"md5_digest": "7a62bb26877d6ea9add6815c569834b6",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "~=3.8",
"size": 154034,
"upload_time": "2024-04-25T00:26:44",
"upload_time_iso_8601": "2024-04-25T00:26:44.477981Z",
"url": "https://files.pythonhosted.org/packages/26/fb/5b6ff57c59db82992f67594c07c96721e68d7253a9a1c973367c2a69fa0e/cdk-serverless-clamscan-2.6.160.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-04-25 00:26:44",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "awslabs",
"github_project": "cdk-serverless-clamscan",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "cdk-serverless-clamscan"
}
JSON
