Virus Scanning - Perform the Virus Scan

User Story As a Security Analyst for SIMS, I would like to ensure that malware is not propagated VIA SIMS due to the reputational risk and as such require that all files received via SIMS are scanned. The scan happens at regular intervals rather than in real-time which means that it can be handled asynchronously instead of right away when the file is received. This ticket implements the virus execution once the ClamAV server is deployed to OpensShift and is also available for local development.

Acceptance Criteria

[ ] Enable a queue-consumers method to execute the scan in all uploaded files, similar to start-application-assessment.
- [ ] It should be enabled as a queue, not a scheduler, to allow the files to be scanned as soon as possible.
- [ ] Create new columns on DB to track the scanning processes (the below ones are suggestions).
- virus_scan_status: Pending, In-progress, Virus detected, File is clean (the enum types are suggestions).
- virus_scan_status_updated_on
[ ] Define the lib to execute the scan, for instance, client libraries. If there is a good nest nest-js lib, please try to use it (e.g. https://www.npmjs.com/package/nestjs-clamscan).
[ ] Validate scan failure using the EICAR Test file
[ ] Execute a few manual uploads with 15Mb files (or something close to it).

Context

Deployed into a6ef19-dev via Helm, requires limits of 3GB RAM and 1CPU per pod A Common Service exists for the signature files.
Common Service deployment source
Clone and create deployable YAMLhelm template dev . --namespace licenseplate-dev
Run locally via docker docker run -it --rm --platform linux/amd64 -p 3310:3310 --name clamav ghcr.io/bcgov/clamav-unprivileged:ca3d42f3dde3c5aa9bcab636f752119bbe6a67e8
Sample code uses Docker above, unzip and perform npm i then npm start
For a Virus HIT update eicar.txt and replace text with X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

bcgov / SIMS

Virus Scanning - Perform the Virus Scan #3377