About Firebase virus scan

Question

I have a question about how often Firebase security definition files are updated

I have a question about Firebase.

I am currently using Firebase Hosting and Firebase Storage.

1. What does the Firebase Hosting server do for virus protection, such as virus scanning?
2. How often do you perform virus scans?
3. How often is the virus definition file updated?

thank you very much

Answer 1

I found this article on Firebase Terms of Service, and from the table of contents it is visible that :

• Firebase Hosting follows Google APIs Terms of Service and Firebase Data Processing and Security Terms
• Firebase Cloud Storage follows Google Cloud Platform Terms of Service. Cloud Storage for Firebase stores a Customer's objects in a Google Cloud Storage bucket, making them accessible through both Firebase and Google Cloud. Google Cloud Storage offers multiple storage classes that can be used through Cloud Storage for Firebase

You can visit these links and check the security terms of service for each one of them, which mentions, though Google will implement and maintain technical and organizational measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access as described in the "Security Measures" but Customer is solely responsible for its use of the Services, including:

• Making appropriate use of the Services and the Additional Security Controls to ensure a level of security appropriate to the risk in respect of the Customer Data
• Securing the account authentication credentials, systems and devices Customer uses to access the Services
• Backing up its Customer Data

Coming on to the questions you have asked, there is no virus scanning that takes place for firebase protection. Instead Firebase is protected by :

• Zero-configuration SSL which is built into Firebase Hosting, so content is always delivered securely. Firebase Hosting provisions an SSL certificate for each of your domains and serves your content over a global CDN.
• Express.js middleware, which is using a REST API supported by Firebase.You can build custom logic into serving your microservices, APIs, and other HTTPS endpoints. For example, with just a few lines of code, you can integrate popular Node.js middleware offerings to build additional security layers, like access management by IP or protection from denial-of-service (DDoS) attacks.
• Firebase Security Rules. You must define and deploy Rules for each Firebase product you use in your app.
• Firebase Hosting works out-of-the-box with Firebase services, including Authentication as well. So integration of Firebase Hosting and Authentication service of Firebase can also help secure your firebase app.

For Cloud Storage however you can create an event-driven pipeline that can help you automate the evaluation of documents for malicious code. This pipeline is built by using Google Cloud products along with an open source antivirus engine called ClamAV. For this tutorial, ClamAV runs in a Docker container hosted in the App Engine flexible environment. The pipeline also writes log entries to Cloud Logging when a malware-infected document is detected.

The following steps outline the architectural pipeline:

• You upload files to Cloud Storage.
• The upload event automatically triggers a Cloud Function.
• The Cloud Function invokes the malware-scanner service running in App Engine.
• The malware-scanner service scans the uploaded document for malware.
• If the document is infected, the service moves it to a quarantined bucket otherwise the document is moved into another bucket that holds uninfected scanned documents.