0

I plan to add anti-virus protection to our web application that is being built. I have a concern that even the limited number of files (PDF files, images, or even unknown binaries) that the user uploads may contain viruses.

Concerns:

  • The images that are shared with other users (exposed to web pages) may contain viruses.
  • The PDF files that users share with each other may contain viruses.

The API that I build for this web application handles the file upload and this API is the file server as well.

Are there any state-of-the-art approaches to minimize the exposure of users to malware, including techniques in the API or techniques on the client-side (browser)? More specifically, I'm interested in solutions that would scan files in the API itself (backend). The files may be stored in a database or on the file-system.

I definitely searched GitHub for open-source tools and packages, and also ran several searches on Google for terms like "open source anti-virus API" and "open-source malware HTTP API", but could not find any. Broader search terms resulted in a huge number of unrelated results.

A related and outdated question investigates a similar problem, but I'm looking for a solution that would integrate well into a micro-service architecture, like Kubernetes. Moreover, I think a canonical answer from an expert would be useful.

Dyin

1 Answer

2

There are definitely solutions that can help you and integrate into your web application via an API. Here are a few that I am aware of:

  1. SophosLabs Intelix

Intelix is a threat intelligence platform that provides access via APIs through AWS Marketplace. There are three parts to the service: lookups, static analysis and dynamic analysis. Each one will give a more detailed analysis of the file. Combining the three will give you good protection for your web application.

  2. VirusTotal

VirusTotal is a community that will provide you with aggregated information showing you what various anti-malware vendors will say about your file. While VT is a great service, one thing to watch here is that VT is focused on being a community and therefore files uploaded are shared with others.

  3. ClamAV

Not one that I have personal experience of, but ClamAV allows you to spin up a server and then query it using an API. There is a tutorial / documentation here.

  4. Others

If you tweak your Google search and look for sandboxes, most offer an API for a fee. A couple that come to mind: Joe Sandbox, and Falcon Sandbox, which powers Hybrid Analysis.

As always, be careful of any cloud service that offers you scanning for free. Most of the free tools will share the reports and/or files within their community.

James Wilson
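The answer above mentions running a ClamAV server and querying it from the backend. This added example (not part of the original answer and not ClamAV's own code) shows how an upload API can stream a file to a clamd daemon with the INSTREAM command and reject the upload unless the daemon explicitly reports it clean. The service name `clamav`, the chunk size and all function names are assumptions.

```python
import socket
import struct

CHUNK = 8192  # assumed chunk size; total upload must stay under clamd's StreamMaxLength


def frame_instream(data: bytes, chunk: int = CHUNK) -> bytes:
    """Build an INSTREAM request: command, length-prefixed chunks, zero-length terminator."""
    out = [b"zINSTREAM\0"]  # 'z' prefix: command and reply are NUL-terminated
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))
    return b"".join(out)


def parse_reply(reply: bytes):
    """Map clamd's reply to (verdict, detail); anything not clearly clean is never 'clean'."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    if text == "stream: OK":
        return ("clean", None)
    if text.startswith("stream: ") and text.endswith(" FOUND"):
        return ("infected", text[len("stream: "):-len(" FOUND")])
    return ("error", text)  # size limit exceeded, truncated or empty reply, etc.


def scan_with_socket(sock, data: bytes):
    """Send the upload over an already connected socket and read the NUL-terminated reply."""
    sock.sendall(frame_instream(data))
    reply = b""
    while not reply.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:  # daemon closed the connection early
            break
        reply += part
    return parse_reply(reply)


def accept_upload(data: bytes, host: str = "clamav", port: int = 3310,
                  timeout: float = 10.0) -> bool:
    """Fail closed: store the file only when clamd explicitly says it is clean.

    'clamav' is a hypothetical in-cluster service name; 3310 is clamd's default TCP port.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            verdict, _ = scan_with_socket(sock, data)
    except OSError:  # unreachable daemon or timeout counts as a rejection
        return False
    return verdict == "clean"
```

Call `accept_upload` in the upload handler before the file is written to the database or file system, so a scanner outage blocks uploads instead of silently letting them through.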