Protecting against malicious software with automated file scanning
This Guidance shows how to automate file scanning to protect against malicious content in business-to-business (B2B) file transfers across various industries and regulatory environments. If not detected, malware in inventory data, invoices, or compliance information can compromise your system, cause data breaches, or lead to ransomware events. By using AWS Transfer Family and other AWS services, you can automatically preprocess, scan, and validate incoming files to make sure they are free of malware threats. As a result, you can protect the integrity of your data, safeguard against potential financial losses and reputational damage, and instill confidence in your business interactions.
Architecture Diagram
[Architecture diagram description]
Step 1
The user sends an authentication request to the AWS Transfer Family server, which forwards it using a custom identity provider.
Step 2
Transfer Family sends the user credentials, protocol, and source IP address to an AWS Lambda authentication function. Authentication uses the password or, if no password is provided, the user's SSH key.
Step 3
The authentication function sends a query to AWS Secrets Manager for authentication.
Step 4
Secrets Manager returns the user record to the authentication function, including the stored password, the AWS Identity and Access Management (IAM) role mapping, the SSH key data, the allowed source IP Classless Inter-Domain Routing (CIDR) range, and the directory mappings.
Step 5
The authentication Lambda function verifies the login and sends the user-specific configuration to Transfer Family.
Step 6
The user uploads the files to the Transfer Family server. Each file is stored in an Amazon Simple Storage Service (Amazon S3) bucket. This event invokes a Transfer Family managed workflow implementation.
Step 7
A Transfer Family managed workflow initializes a sequence of configured processing steps. In a workflow step, the ClamAV Lambda function scans each file using a container image with ClamAV installed.
Step 8
Based on the scan result from the ClamAV Lambda function, the managed workflow tags the scanned files as either “infected” or “clean” in the same Amazon S3 bucket as in Step 6. (Infected objects cannot be downloaded.)
Step 9
In Amazon EventBridge, an Amazon EventBridge Scheduler rule is configured to run based on a cron expression to update the ClamAV image and virus definition by means of an automated pipeline.
Step 10
An AWS CodeBuild pipeline builds the container image with the latest ClamAV virus definitions and uploads it to Amazon Elastic Container Registry (Amazon ECR).
Step 11
An Update ClamAV Lambda function pulls the newly built container image from Amazon ECR and updates the container image used by the ClamAV function, which is part of the managed workflow.
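As an added example (not code from this Guidance), a Python handler for the custom identity provider described in Steps 2 to 5: it looks up the user record, enforces the allowed source IP CIDR range, verifies a password or returns the SSH public key for key-based SFTP login, and denies with an empty response on any failure. The Secrets Manager lookup is replaced by a constructed in-memory record, and the record's key names (Password, Role, PublicKey, AcceptedIpNetwork, HomeDirectoryDetails), the bucket path, and the account id are assumptions.

```python
import hmac
import ipaddress
import json

# Constructed stand-in for the Secrets Manager record; real code would fetch it with
# boto3 secretsmanager.get_secret_value. Key names follow the assumption in the lead-in.
SAMPLE_SECRETS = {
    "partner-a": {
        "Password": "correct horse battery staple",
        "Role": "arn:aws:iam::123456789012:role/TransferPartnerA",  # placeholder account id
        "PublicKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5EXAMPLEKEY partner-a",  # placeholder key
        "AcceptedIpNetwork": "203.0.113.0/24",  # documentation (TEST-NET-3) range
        "HomeDirectoryDetails": [{"Entry": "/", "Target": "/b2b-inbound-bucket/partner-a"}],
    }
}

def lookup_secret(username):
    """Return the stored record for a user, or None when no such user exists."""
    return SAMPLE_SECRETS.get(username)

def source_ip_allowed(source_ip, cidr):
    """Allow only when the client address falls inside the stored CIDR block."""
    try:
        return ipaddress.ip_address(source_ip) in ipaddress.ip_network(cidr, strict=False)
    except ValueError:  # unparsable address or CIDR: fail closed
        return False

def authenticate(event):
    """Custom identity provider handler: returns the user config, or {} to deny."""
    record = lookup_secret(event.get("username", ""))
    if record is None or not source_ip_allowed(event.get("sourceIp", ""), record["AcceptedIpNetwork"]):
        return {}
    response = {
        "Role": record["Role"],
        "HomeDirectoryType": "LOGICAL",
        "HomeDirectoryDetails": json.dumps(record["HomeDirectoryDetails"]),
    }
    password = event.get("password", "")
    if password:
        # Password login: constant-time comparison so timing does not leak the stored value.
        if not hmac.compare_digest(password.encode(), record["Password"].encode()):
            return {}
        return response
    # No password means SSH key login (SFTP only); Transfer Family checks the client's key
    # against the public keys returned here.
    if event.get("protocol") != "SFTP" or not record.get("PublicKey"):
        return {}
    response["PublicKeys"] = [record["PublicKey"]]
    return response
```

Wire `authenticate` into the Lambda entry point (for example `def lambda_handler(event, context): return authenticate(event)`) and replace `lookup_secret` with the real Secrets Manager call.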
Well-Architected Pillars
The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The six pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.
The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.
- Operational Excellence
Amazon CloudWatch provides detailed, real-time logging for monitoring and visualization, storing data that can be useful in auditing and troubleshooting. CodeBuild provides DevOps automation, and Lambda automates serverless event processing. Together, these services enhance operational excellence by automating workflows, enabling secure data transfers, offering real-time insights, and providing efficient, agile, and robust resource management.
- Security
Transfer Family provides a secure method for file transfers, reducing the risk of data breaches during transit through in-transit encryption. IAM provides fine-grained access control so that only authorized entities can access resources. Amazon S3 encrypts data at rest, and bucket policies let you control access at bucket and object level.
- Reliability
Amazon S3 provides durable storage with 99.999999999% (11 nines) durability so that data remains intact and accessible. The Lambda functions that process events are serverless, so they automatically scale based on workflow volume and processing needs to deliver consistent performance. CloudWatch monitors the environment and can invoke alarms for any anomalies.
- Performance Efficiency
Transfer Family, CloudWatch, CodeBuild, Amazon S3, EventBridge, and Lambda work together to improve performance efficiency. By automating workflows, providing real-time monitoring, and enabling scalable compute and storage, these services collectively optimize resource usage, improve system responsiveness, and streamline overall operations.
- Cost Optimization
With Transfer Family, you only pay for the amount of data you transfer, so you can avoid the overhead of traditional file-transfer infrastructures. Additionally, you can use cost-effective Amazon S3 storage tiers, which enable you to optimize storage costs based on your access patterns and needs. Finally, Lambda provides a pay-as-you-go model, so you only pay for the compute time you consume, and EventBridge only uses event-based compute.
- Sustainability
As serverless services, Transfer Family and Lambda both provide automatic scaling so that resources match actual demand, leading to efficient utilization and reduced energy consumption. For example, Lambda automatically scales with the number of file transfers. Additionally, EventBridge runs compute only in response to events, helping you further avoid continuous consumption of resources. Finally, Amazon S3 Intelligent-Tiering supports sustainable data storage by dynamically adjusting storage tiers based on access patterns to avoid overprovisioning and reduce your environmental impact.
Disclaimer
The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.
References to third-party services or organizations in this Guidance do not imply an endorsement, sponsorship, or affiliation between Amazon or AWS and the third party. Guidance from AWS is a technical starting point, and you can customize your integration with third-party services when you deploy the architecture.