I have implemented an antivirus system using ClamAV on one of my apps, which uses Google Cloud Storage for uploading files. Currently, what I am doing is listening for bucket uploads, downloading the file to one of my servers, scanning it using ClamAV, and deleting it if it is infected.

I am a newbie to this. Is it possible that the whole cloud bucket gets infected by a virus on upload only? I.e., can a virus execute itself on the bucket (any cloud bucket) itself?

If yes, then please suggest some other solution to solve this issue, as my current solution would be ineffective in this case.


Solution 1:

The infection would be on the objects, not on the bucket itself.

  1. If a virus were infecting other files, a new version would be uploaded to the bucket. So by listening to the uploads, any modification to any object will be analyzed.
  2. The virus would need to be executed by itself, and buckets don't provide any processor for it to be executed on, so it's not an issue.

As advice on the architecture, you can reduce some traffic, and mainly disk usage, on the VM running ClamAV by mounting the bucket as a unit on the VM running the antivirus.

Mounting the bucket on the VM can be done with gcsfuse; here I have an answer with this explained in more detail. Basically, it is done by running the following command:

sudo mount -t gcsfuse -o implicit_dirs,allow_other,uid=1000,gid=1000 <BUCKET> <PATH>
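
An added example (not part of the original answer): the listen, scan and delete flow from the question, streaming each uploaded object to clamd with its INSTREAM command so nothing is written to the VM's disk. `read_object`, `delete_object` and `connect` are hypothetical callables you supply (assumptions, not a real library API); the event fields `bucket`, `name` and `generation` follow the Cloud Storage notification payload.

```python
import json
import struct


def clamd_instream(sock, chunks):
    """Stream chunks to clamd with INSTREAM and return its reply as text."""
    sock.sendall(b"zINSTREAM\0")
    for chunk in chunks:
        if chunk:  # skip empty chunks: a zero length would end the stream early
            sock.sendall(struct.pack("!I", len(chunk)) + chunk)
    sock.sendall(struct.pack("!I", 0))  # zero-length chunk terminates the stream
    reply = b""
    while not reply.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:
            break
        reply += part
    return reply.rstrip(b"\0").decode("utf-8", "replace")


def verdict(reply):
    """Map a clamd reply to (status, detail)."""
    body = reply.split(": ", 1)[-1]
    if body == "OK":
        return ("clean", None)
    if body.endswith(" FOUND"):
        return ("infected", body[: -len(" FOUND")])
    # e.g. the stream exceeded clamd's StreamMaxLength; do not treat as clean
    return ("error", body)


def handle_upload(event_json, read_object, connect, delete_object):
    """Scan the object version named in one upload notification.

    read_object(bucket, name, generation) -> iterable of bytes  (hypothetical)
    connect() -> socket connected to clamd                      (hypothetical)
    delete_object(bucket, name, generation)                     (hypothetical)
    """
    event = json.loads(event_json)
    bucket, name, gen = event["bucket"], event["name"], event["generation"]
    with connect() as sock:
        status, detail = verdict(clamd_instream(sock, read_object(bucket, name, gen)))
    if status == "infected":
        # delete the exact generation scanned, not whatever is live now
        delete_object(bucket, name, gen)
    return status, detail
```

Passing the notification's generation to both callables means the version deleted is the version scanned, even if the object is overwritten in the meantime. An `error` result leaves the object in place for the caller to retry or quarantine.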