Based on https://github.com/sutt0n/serverless-clamav-lambda-layer

git clone https://github.com/bcgov/CONN-ClamAV-scan
./build.sh

After a successful build.sh run, the archive clamav_lambda_layer.zip is generated in the ./layer folder.
The archive does not contain virus definitions and can therefore be included in the Terraform Lambda deployment script.
Using the AWS console (or Terraform, Serverless, CloudFormation or SAM), create two Lambdas that use the same Lambda layer generated by this project. Both Lambdas can use the same handler.js; just call the handler.virusScan and handler.updateDb functions respectively. The first Lambda can be triggered by the S3 PutObject event; the second can be triggered by a CloudWatch event that runs at a specified interval to keep the virus definitions up to date.
handler.js is provided as an example only. The code invokes the clamscan and freshclam executables in the /bin folder.
Error "Error while loading shared libraries: libcurl.so.4: cannot open shared object file: No such file or directory".
This error happens because clamscan and freshclam require the environment variable LD_LIBRARY_PATH to be set.
Example: LD_LIBRARY_PATH=/opt/lib clamscan -v --database=/tmp/clamav /tmp/${record.s3.object.key}
The file scanning or definition update Lambda runs indefinitely.
This happens because the process requires more RAM or ephemeral storage. Recommended values: 2048 MB for each.
The definition update Lambda fails with an access denied error.
This happens because by default freshclam attempts to use the opt/var/lib/clamav location.
To fix the issue, provide the --database=/tmp/clamav parameter; /tmp is the only writable location that can be used by Lambda.