0

I have implemented an antivirus system using ClamAV on one of my apps which uses Google cloud storage for uploading files. Currently what I am doing is, listening to bucket upload, download it on one of my servers, scan it using ClamAV, and deleting it if it was infected.

I am a newbie to this, Is it possible that the whole cloud bucket gets infected by a virus on upload only. i.e, can a virus execute himself on the bucket(any cloud bucket) itself?

If yes then please suggest some other solution to solve this issue as my current solution would be ineffective in this case.

Soni Sol
  • 231
  • 1
  • 9
Raghu Chahar
  • 101
  • 2

1 Answers1

3

The infection would be on the objects, not on the bucket itself.

  1. If a Virus would be infecting other files a new version would be uploaded to the bucket. So By listening the uploads any modification to any object will be analyzed.
  2. The Virus would need to be executed by itself and the buckets don't provide any processor available for them to get executed by themselves so it's not an issue.

As an advise on the architecture you can reduce some traffic and mainly disk usage on the VM running ClamAV by mounting the bucket as a unit on the VM running the antivirus.

To mount the bucket to the VM can be done with gcsfuse here I have an answer with this explained with more detail, basically is by running the following command:

sudo mount -t gcsfuse -o implicit_dirs,allow_other,uid=1000,gid=1000 <BUCKET> <PATH>

Soni Sol
  • 231
  • 1
  • 9
  • Thanks, @Soni, Actually I am using Kubernetes pods for ClamAV, can you please explain the advantages of mounting pod with cloud storage. Also Here is this thread https://superuser.com/questions/87242/can-a-virus-execute-by-itself which explains there are few viruses that can execute by themselves. – Raghu Chahar Nov 27 '20 at 04:21