Virus Scanning Uploaded files from Azure Web/Worker Role
S

4

11

We are designing an Azure Website which will allow users to upload content (MP4, Docx... MSOffice files) which can then be accessed.

Some video content we will encode to provide several differing quality formats, before it will be streamed (using Azure Media Services).

We need to add an intermediate step so we can scan uploaded files for potential virus risk. Is there functionality built into Azure (or third party) which will allow us to call an API to scan content before processing it? We are ideally looking for an API rather than just a background service on a VM, so we can get feedback potentially for use in a web or worker role.

Had a quick look at Symantec Endpoint and Windows Defender but not sure these offer an API.

Sweetmeat answered 14/9, 2015 at 14:55 Comment(2)
Do take a look at Microsoft Antimalware Service: azure.microsoft.com/en-us/blog/…. - Troopship
@GauravMantri Is there an API available with that? We need to be able to deterministically pass in a file and get a response, rather than uploading and waiting to see if it is quarantined. - Sweetmeat
R
3

I have successfully done this using the open source ClamAV. You don't specify what languages you are using, but as it's Azure I'll assume .Net.

There is a .Net wrapper that should provide the API that you are looking for:

https://github.com/tekmaven/nClam

Here is some sample code (note: this is copied directly from the nClam GitHub repo page and reproduced here just to protect against link rot):

using System;
using System.Linq;
using nClam;

class Program
{
    static void Main(string[] args)
    {

        var clam = new ClamClient("localhost", 3310);
        var scanResult = clam.ScanFileOnServer("C:\\test.txt");  //any file you would like!

        switch(scanResult.Result)
        {
            case ClamScanResults.Clean:
                Console.WriteLine("The file is clean!");
                break;
            case ClamScanResults.VirusDetected:
                Console.WriteLine("Virus Found!");
                Console.WriteLine("Virus name: {0}", scanResult.InfectedFiles.First().VirusName);
                break;
            case ClamScanResults.Error:
                Console.WriteLine("Woah an error occured! Error: {0}", scanResult.RawResult);
                break;
        }
    }
}

There are also APIs available for refreshing the virus definition database. All the necessary ClamAV files can be included in the deployment package and any configuration can be put into the service start-up code.

Rocky answered 14/9, 2015 at 15:0 Comment(0)
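An added example, not part of the answer above and not nClam's code: ScanFileOnServer hands clamd a path, which only works when clamd can read that path, whereas a web or worker role usually holds the upload as a stream. The code below speaks clamd's INSTREAM command directly over TCP and treats any reply other than an explicit OK as a rejection; the names Verdict and ClamdStream, the host/port parameters and the 30-second timeout are assumptions.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Text;

public enum Verdict { Clean, Infected, Error }
public static class ClamdStream
{
    // Replies look like "stream: OK" or "stream: <signature> FOUND"; anything else is Error.
    public static Verdict Parse(string reply, out string signature)
    {
        signature = null;
        reply = reply.Trim('\0', '\r', '\n', ' ');
        if (reply == "stream: OK") return Verdict.Clean;
        if (reply.Length > 14 && reply.StartsWith("stream: ", StringComparison.Ordinal)
            && reply.EndsWith(" FOUND", StringComparison.Ordinal))
        {
            signature = reply.Substring(8, reply.Length - 14);
            return Verdict.Infected;
        }
        return Verdict.Error; // e.g. "INSTREAM size limit exceeded. ERROR"
    }
    // Sends "zINSTREAM\0", then <4-byte big-endian length><data> chunks, then a
    // zero-length chunk, so the upload never has to exist on clamd's disk.
    public static Verdict Scan(Stream upload, string host, int port, out string signature)
    {
        signature = null;
        try
        {
            using (var tcp = new TcpClient(host, port))
            using (var net = tcp.GetStream())
            {
                net.ReadTimeout = net.WriteTimeout = 30000; // assumed limit: 30 s
                var cmd = Encoding.ASCII.GetBytes("zINSTREAM\0");
                net.Write(cmd, 0, cmd.Length);
                var buf = new byte[8192];
                for (int n; (n = upload.Read(buf, 0, buf.Length)) > 0;)
                {
                    net.Write(BitConverter.GetBytes(IPAddress.HostToNetworkOrder(n)), 0, 4);
                    net.Write(buf, 0, n);
                }
                net.Write(new byte[4], 0, 4); // zero-length chunk ends the stream
                return Parse(new StreamReader(net, Encoding.ASCII).ReadToEnd(), out signature);
            }
        }
        catch (Exception e) when (e is IOException || e is SocketException)
        { return Verdict.Error; } // clamd unreachable, timed out, or closed early
    }
}
```

clamd rejects streams larger than its StreamMaxLength setting; that case surfaces here as Verdict.Error, so an oversized upload is refused rather than passed through unscanned.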
S
0

ClamAV is a good idea, especially now that 0.99 is about to be released with YARA rule support - it will make it really easy for you to write custom rules and allow ClamAV to use tons of good YARA rules in the open today.

Another route, and a bit of shameless plugging, is to check out scanii.com; it's a SaaS for malware/virus detection and it integrates quite nicely with AWS and Azure.

Shalandashale answered 15/9, 2015 at 16:50 Comment(3)
I've been trying to get a demo account through Scanii.com but I don't get a validation email from the web site even though I know my email address is correct, so I can never actually test the product. :-( - Synchroscope
Sorry to hear that, can you shoot an email to [email protected] and we'll get you sorted out right away! - Shalandashale
Other commercial options include Verisys Antivirus API and AttachmentScanner - Alongside
P
0

There are a number of options to achieve this:

Firstly you can use ClamAV as already mentioned. ClamAV doesn't always receive the best press for its virus databases but as others have pointed out it's easy to use and is expandable.

You can also install a commercial scanner, such as AVG, Kaspersky etc. Many of these come with a C API that you can talk to directly, although often getting access to this can be expensive from a licensing point of view.

Alternatively you can make calls to the executable directly using something like the following to capture the output:

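using System.Diagnostics;

// "scanner.exe" and "arguments needed" are placeholders for the scanner's command line.
var proc = new Process {
    StartInfo = new ProcessStartInfo {
        FileName = "scanner.exe",
        Arguments = "arguments needed",
        UseShellExecute = false,        // must be false to redirect output
        RedirectStandardOutput = true,
        CreateNoWindow = true
    }
};
proc.Start();
while (!proc.StandardOutput.EndOfStream) {
    string line = proc.StandardOutput.ReadLine();
    // inspect each line of scanner output here
}
proc.WaitForExit();  // proc.ExitCode is valid once the process has exited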

You would then need to parse the output to get the result and use it within your application.

Finally, there are now some commercial APIs available to do this kind of thing, such as attachmentscanner (disclaimer: I'm related to this product) or scanii. These will provide you with an API and a more scalable option to scan specific files and receive the response from at least one virus checking engine.

Pyosis answered 6/6, 2017 at 9:41 Comment(2)
I've tested AttachmentScanner with a file that has a known virus in it and the response I got was "status": "ok" which is not good. The API is easy to use, but not useful if it doesn't work. - Synchroscope
Another commercial option is Verisys Antivirus API - Alongside
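An added example, not part of the answer above: when the executable is ClamAV's clamscan, the exit code (0 = no virus found, 1 = virus found, 2 = error) gives the verdict without parsing text. The code rejects on anything but 0, passes the path as a single argument, and bounds the run time; the class name, the 2-minute limit, clamscan being on PATH and .NET Core 2.1 or later (for ArgumentList) are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.IO;

public static class ClamscanGate
{
    // Returns true only when clamscan exits 0 (no virus found). Exit code 1 (virus
    // found), 2 (error), a timeout, or a failure to start all reject the upload.
    public static bool IsClean(string path, out string output)
    {
        output = "";
        // Scan only a server-generated absolute path: a user-supplied file name that
        // begins with '-' would otherwise be read by the scanner as an option.
        if (!Path.IsPathRooted(path) || !File.Exists(path)) return false;
        var psi = new ProcessStartInfo
        {
            FileName = "clamscan",              // assumed to be on PATH
            UseShellExecute = false,
            RedirectStandardOutput = true,
            CreateNoWindow = true
        };
        psi.ArgumentList.Add("--no-summary");   // one "<path>: <result>" line per file
        psi.ArgumentList.Add(path);             // passed as one argument, no quoting
        try
        {
            using (var proc = Process.Start(psi))
            {
                var stdout = proc.StandardOutput.ReadToEndAsync();
                if (!proc.WaitForExit(120000))  // assumed limit: 2 minutes
                {
                    proc.Kill();
                    return false;
                }
                output = stdout.Result;         // keep the scanner's line for logging
                return proc.ExitCode == 0;
            }
        }
        catch (Exception e) when (e is System.ComponentModel.Win32Exception || e is InvalidOperationException)
        {
            return false;                       // scanner missing or failed to start
        }
    }
}
```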
C
0

New thing coming Spring / Summer 2020. Advanced threat protection for Azure Storage includes Malware Reputation Screening, which detects malware uploads using hash reputation analysis leveraging the power of Microsoft Threat Intelligence, which includes hashes for Viruses, Trojans, Spyware and Ransomware. Note: cannot guarantee every malware will be detected using hash reputation analysis technique.

https://techcommunity.microsoft.com/t5/Azure-Security-Center/Validating-ATP-for-Azure-Storage-Detections-in-Azure-Security/ba-p/1068131

Constanta answered 17/3, 2020 at 21:30 Comment(1)
Unfortunately it checks files on the blob after users upload them, and the time when it will be done is unknown. - Gibran
