ClamAV AWS S3 local mirror

Description

ClamAV® is an open source antivirus engine for detecting trojans, viruses, malware and other malicious threats. This project creates a local mirror of the ClamAV database, stored in an S3 bucket and available internally via a Gateway Endpoint.

Lab Schema

IaC

Resources list

S3AsParameter

S3 bucket name, used in the CodeBuild buildspec definition.

CodeBuildRole

IAM role, including an inline policy, to be assumed by CodeBuild.

CloudWatchRole

IAM role, including an inline policy, to be assumed by CloudWatch.

S3Bucket

S3 bucket that stores the local ClamAV updates.

S3BucketPolicy

S3 Bucket policy to grant:

  • RW access for CodeCommit Role
  • RO access for All

CodeBuildFreshAV

CodeBuild project that downloads ClamAV updates from the official servers and stores them in the S3 bucket.

CodeBuildTrigger

Event that runs periodically and starts the CodeBuild project to refresh the ClamAV files stored in the S3 bucket.

Post Configuration

1. Start CodeBuild

Go to CodeBuild and start the build project manually (alternatively, wait up to 6h for the CloudWatch event to start it automatically).

2. Finish CodeBuild

Wait for the CodeBuild run to finish.

3. Check S3

Check that the S3 bucket has been populated with files.

4. Check S3 URL

Go to the CloudFormation outputs and collect the S3 bucket URL. If you used Terraform, the URL is displayed at the end of the terraform apply command.

Client Config

5. Install software

Check that the freshclam package is installed, and install it if it is not.

6. Update config file

Edit the freshclam.conf file and set the Database Mirror parameter to the S3 URL captured in step 4.
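
One way to script step 6 is shown below as an added example; it is not part of the original project. It assumes the parameter meant is freshclam's DatabaseMirror directive. The function names are hypothetical and the bucket URL is a constructed placeholder for the value collected in step 4.

```shell
#!/bin/sh
# Added example for steps 5-6; not part of the original project.
# The bucket URL in the demo is a constructed placeholder.

# Print the value of every active (uncommented) DatabaseMirror line.
active_mirrors() {
    awk '$1 == "DatabaseMirror" { print $2 }' "$1"
}

# Make URL the only active DatabaseMirror in FILE, keeping FILE.bak.
set_freshclam_mirror() {
    conf=$1
    url=$2
    case $url in
        *[!A-Za-z0-9./:_-]*)  # whitespace/newlines could inject extra directives
            echo "unexpected character in mirror URL" >&2; return 1 ;;
        http://?*|https://?*) ;;
        *)  echo "mirror URL must start with http:// or https://" >&2; return 1 ;;
    esac
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1
    tmp=$(mktemp) || return 1
    # Comment out previous mirrors and the sample config's "Example" line,
    # which makes freshclam refuse to start while it is present.
    awk '$1 == "Example" || $1 == "DatabaseMirror" { print "#" $0; next }
         { print }' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf 'DatabaseMirror %s\n' "$url" >> "$tmp"
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed config in a temp file (the real file is usually
# /etc/freshclam.conf or /etc/clamav/freshclam.conf, depending on the distro).
demo_conf=$(mktemp)
printf 'Example\nDatabaseMirror database.clamav.net\nLogTime yes\n' > "$demo_conf"
set_freshclam_mirror "$demo_conf" "https://EXAMPLE-BUCKET.s3.amazonaws.com"
active_mirrors "$demo_conf"
rm -f "$demo_conf" "$demo_conf.bak"
```

After changing the real file, run freshclam once by hand and confirm in its output that the databases are fetched from the S3 URL rather than from the official servers.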

me@radkowski.pro