def lambda_handler(event, context):
start_time = datetime.utcnow()
print("Script starting at %s\n" % (start_time.strftime("%Y/%m/%d %H:%M:%S UTC")))
s3_object = event_object(event)
verify_s3_object_version(s3_object)
sns_start_scan(s3_object)
file_path = download_s3_object(s3_object, "/tmp")
clamav.update_defs_from_s3(AV_DEFINITION_S3_BUCKET, AV_DEFINITION_S3_PREFIX)
scan_result = clamav.scan_file(file_path)
print(
"Scan of s3://%s resulted in %s\n"
% (os.path.join(s3_object.bucket_name, s3_object.key), scan_result)
)
if "AV_UPDATE_METADATA" in os.environ:
set_av_metadata(s3_object, scan_result)
set_av_tags(s3_object, scan_result)
sns_scan_results(s3_object, scan_result)
metrics.send(
env=ENV, bucket=s3_object.bucket_name, key=s3_object.key, status=scan_result
)
# Delete downloaded file to free up room on re-usable lambda function container
try:
os.remove(file_path)
except OSError:
pass
if str_to_bool(AV_DELETE_INFECTED_FILES) and scan_result == AV_STATUS_INFECTED:
delete_s3_object(s3_object)
print(
"Script finished at %s\n" % datetime.utcnow().strftime("%Y/%m/%d %H:%M:%S UTC")
)
def lambda_handler(event, context):
start_time = datetime.utcnow()
print("Script starting at %s\n" %
(start_time.strftime("%Y/%m/%d %H:%M:%S UTC")))
s3_object = event_object(event)
file_path = download_s3_object(s3_object, "/tmp")
if AV_EXCLUDE_PATTERN is not None:
if re.search(AV_EXCLUDE_PATTERN, file_path) is not None:
print("File path matched exlusion pattern:%s" % AV_EXCLUDE_PATTERN)
return None
clamav.update_defs_from_s3(AV_DEFINITION_S3_BUCKET,
AV_DEFINITION_S3_PREFIX)
filehash = clamav.md5_from_file(file_path)
scan_result = clamav.scan_file(file_path)
print("Scan of s3://%s resulted in %s\n" %
(os.path.join(s3_object.bucket_name, s3_object.key), scan_result))
if "AV_UPDATE_METADATA" in os.environ:
set_av_metadata(s3_object, scan_result, filehash)
set_av_tags(s3_object, scan_result, filehash)
sns_scan_results(s3_object, scan_result)
metrics.send(env=ENV,
bucket=s3_object.bucket_name,
key=s3_object.key,
status=scan_result,
hash=filehash)
# Delete downloaded file to free up room on re-usable lambda function container
try:
os.remove(file_path)
except OSError:
pass
print("Script finished at %s\n" %
datetime.utcnow().strftime("%Y/%m/%d %H:%M:%S UTC"))
def scan_object(s3_object):
verify_s3_object_version(s3_object)
try:
is_object_scannable(s3_object)
except SizeError as e:
print(e.msg)
return
sns_start_scan(s3_object)
file_path = download_s3_object(s3_object, "/tmp")
clamav.update_defs_from_s3(AV_DEFINITION_S3_BUCKET,
AV_DEFINITION_S3_PREFIX)
scan_result = clamav.scan_file(file_path)
print("Scan of s3://%s resulted in %s\n" %
(os.path.join(s3_object.bucket_name, s3_object.key), scan_result))
if "AV_UPDATE_METADATA" in os.environ:
set_av_metadata(s3_object, scan_result)
set_av_tags(s3_object, scan_result)
sns_scan_results(s3_object, scan_result)
metrics.send(env=ENV,
bucket=s3_object.bucket_name,
key=s3_object.key,
status=scan_result)
# Delete downloaded file to free up room on re-usable lambda function container
try:
os.remove(file_path)
except OSError:
pass
def publish_results(s3_object, scan_result, scan_signature):
result_time = get_timestamp()
sns_client = boto3.client("sns")
s3_client = boto3.client("s3")
ENV = os.getenv("ENV", "")
# Set the properties on the object with the scan results
if "AV_UPDATE_METADATA" in os.environ:
set_av_metadata(s3_object, scan_result, scan_signature, result_time)
set_av_tags(s3_client, s3_object, scan_result, scan_signature, result_time)
# Publish the scan results
if AV_STATUS_SNS_ARN not in [None, ""]:
sns_scan_results(
sns_client,
s3_object,
AV_STATUS_SNS_ARN,
scan_result,
scan_signature,
result_time,
)
metrics.send(env=ENV,
bucket=s3_object.bucket_name,
key=s3_object.key,
status=scan_result)
def lambda_handler(event, context):
start_time = datetime.utcnow()
print("Script starting at %s\n" %
(start_time.strftime("%Y/%m/%d %H:%M:%S UTC")))
s3_object = event_object(event)
(webhook, auth) = event_webhook(event)
webhook_scan_started(s3_object, webhook, auth)
file_path = download_s3_object(s3_object, "/tmp")
clamav.update_defs_from_s3(AV_DEFINITION_S3_BUCKET,
AV_DEFINITION_S3_PREFIX)
(scan_result, scan_output) = clamav.scan_file(file_path)
print("Scan of s3://%s resulted in %s\n" %
(os.path.join(s3_object.bucket_name, s3_object.key), scan_result))
if "AV_UPDATE_METADATA" in os.environ:
set_av_metadata(s3_object, scan_result)
set_av_tags(s3_object, scan_result)
sns_scan_results(s3_object, scan_result)
webhook_scan_results(s3_object, scan_result, scan_output, webhook, auth)
metrics.send(env=ENV,
bucket=s3_object.bucket_name,
key=s3_object.key,
status=scan_result)
# Delete downloaded file to free up room on re-usable lambda function container
try:
os.remove(file_path)
except OSError:
pass
print("Script finished at %s\n" %
datetime.utcnow().strftime("%Y/%m/%d %H:%M:%S UTC"))
def lambda_handler(event, context):
start_time = datetime.utcnow()
print("Script starting at %s\n" %
(start_time.strftime("%Y/%m/%d %H:%M:%S UTC")))
s3_object, bucket, key_name = event_object(event)
inserted_date = calendar.timegm(time.gmtime())
updated_date = calendar.timegm(time.gmtime())
data_to_store = {
"s3_key": key_name,
"bucket_name": bucket,
"inserted_date": inserted_date,
"updated_date": updated_date,
"scan_state": "In Process"
}
trans_id = insert_data(data_to_store)
verify_s3_object_version(s3_object)
sns_start_scan(s3_object)
file_path = download_s3_object(s3_object, "/tmp")
clamav.update_defs_from_s3(AV_DEFINITION_S3_BUCKET,
AV_DEFINITION_S3_PREFIX)
scan_result = clamav.scan_file(file_path, trans_id)
updated_date = calendar.timegm(time.gmtime())
data = {"scan_state": scan_result, "updated_date": updated_date}
query = {"id": trans_id}
update_data(query, data)
print("Scan of s3://%s resulted in %s\n" %
(os.path.join(s3_object.bucket_name, s3_object.key), scan_result))
if "AV_UPDATE_METADATA" in os.environ:
set_av_metadata(s3_object, scan_result)
set_av_tags(s3_object, scan_result)
sns_scan_results(s3_object, scan_result)
metrics.send(env=ENV,
bucket=s3_object.bucket_name,
key=s3_object.key,
status=scan_result)
# Delete downloaded file to free up room on re-usable lambda function container
try:
os.remove(file_path)
except OSError:
pass
if str_to_bool(
AV_DELETE_INFECTED_FILES) and scan_result == AV_STATUS_INFECTED:
delete_s3_object(s3_object)
print("Script finished at %s\n" %
datetime.utcnow().strftime("%Y/%m/%d %H:%M:%S UTC"))
def lambda_handler(event, context):
start_time = datetime.utcnow()
print("Script starting at %s\n" %
(start_time.strftime("%Y/%m/%d %H:%M:%S UTC")))
s3_object = event_object(event)
verify_s3_object_version(s3_object)
sns_start_scan(s3_object)
file_path = download_s3_object(s3_object, "/tmp")
clamav.update_defs_from_s3(AV_DEFINITION_S3_BUCKET,
AV_DEFINITION_S3_PREFIX)
scan_result = clamav.scan_file(file_path)
print("Scan of s3://%s resulted in %s\n" %
(os.path.join(s3_object.bucket_name, s3_object.key), scan_result))
if "AV_UPDATE_METADATA" in os.environ:
set_av_metadata(s3_object, scan_result)
try:
set_av_tags(s3_object, scan_result)
except s3_client.exceptions.NoSuchKey:
# handle case when an object is removed before the scan is completed
if AV_CHECK_FOR_FILE_BEFORE_TAGGING:
print("S3 object not found, skip tagging")
else:
raise Exception("We have a problem with obj tagging")
sns_scan_results(s3_object, scan_result)
metrics.send(env=ENV,
bucket=s3_object.bucket_name,
key=s3_object.key,
status=scan_result)
# Delete downloaded file to free up room on re-usable lambda function container
try:
os.remove(file_path)
except OSError:
pass
print("Script finished at %s\n" %
datetime.utcnow().strftime("%Y/%m/%d %H:%M:%S UTC"))
def lambda_handler(event, context):
start_time = datetime.utcnow()
print("Script starting at %s\n" %
(start_time.strftime("%Y/%m/%d %H:%M:%S UTC")))
s3_object_summary = event_object(event, True)
s3_object = event_object(event, False)
file_to_scan = os.path.join(s3_object.bucket_name, s3_object.key)
file_size_in_mb = s3_object_summary.size / 1024 / 1024
will_skip = float(file_size_in_mb) >= float(AV_SCAN_SKIP_SIZE_IN_MB)
print("s3://%s\n" % (file_to_scan))
print("File size: %s bytes (%sMB), AV_SCAN_SKIP_SIZE_IN_MB: %s, will skip: %s\n" %
(s3_object_summary.size, file_size_in_mb, AV_SCAN_SKIP_SIZE_IN_MB, will_skip))
if will_skip is True:
set_av_tags(s3_object, AV_STATUS_SKIPPED)
else:
verify_s3_object_version(s3_object)
sns_start_scan(s3_object)
file_path = download_s3_object(s3_object, "/tmp")
clamav.update_defs_from_s3(AV_DEFINITION_S3_BUCKET, AV_DEFINITION_S3_PREFIX)
scan_result = clamav.scan_file(file_path)
print("Scan of s3://%s resulted in %s\n" % (file_to_scan, scan_result))
if "AV_UPDATE_METADATA" in os.environ:
set_av_metadata(s3_object, scan_result)
set_av_tags(s3_object, scan_result)
sns_scan_results(s3_object, scan_result)
metrics.send(env=ENV, bucket=s3_object.bucket_name, key=s3_object.key, status=scan_result)
# Delete downloaded file to free up room on re-usable lambda function container
try:
os.remove(file_path)
except OSError:
pass
print("Script finished at %s\n" %
datetime.utcnow().strftime("%Y/%m/%d %H:%M:%S UTC"))
def foo():
a.bar(f(x), y == f(x))
bar + send('my-report-id') + bar()
(hi, my)
(hi, my, bye)
A[1]
A[-1]
A[1:4]
A[1:4:-1]
A[::-1]
A[1:]
if 1 == 1: foo()
true
3.3
self.data
"nice" if is_nice else "not nice"
f(a, b(g(a, k)), c, c(k), a, c)
if node.id == node.id: foo()
def foo():
a.bar(f(x), y == f(x))
bar + send('my-report-id') + bar()
(hi, my)
(hi, my, bye)
A[1]
A[-1]
A[1:4]
A[1:4:-1]
A[::-1]
A[1:]
if 1 == 1: foo()
true
3.3
self.data
"nice" if is_nice else "not nice"
f(a, b(g(a, k)), c, c(k), a, c)
if node.id == node.id: foo()
resp = r.set_cookie("sessionid",
generate_cookie_value("RANDOM-UUID"),
secure=True)
def lambda_handler(event, context):
s3 = boto3.resource("s3")
s3_client = boto3.client("s3")
sns_client = boto3.client("sns")
# Get some environment variables
ENV = os.getenv("ENV", "")
EVENT_SOURCE = os.getenv("EVENT_SOURCE", "S3")
start_time = get_timestamp()
print("Script starting at %s\n" % (start_time))
s3_object = event_object(event, event_source=EVENT_SOURCE)
if str_to_bool(AV_PROCESS_ORIGINAL_VERSION_ONLY):
verify_s3_object_version(s3, s3_object)
# Publish the start time of the scan
if AV_SCAN_START_SNS_ARN not in [None, ""]:
start_scan_time = get_timestamp()
sns_start_scan(sns_client, s3_object, AV_SCAN_START_SNS_ARN,
start_scan_time)
file_path = get_local_path(s3_object, "/tmp")
create_dir(os.path.dirname(file_path))
s3_object.download_file(file_path)
to_download = clamav.update_defs_from_s3(s3_client,
AV_DEFINITION_S3_BUCKET,
AV_DEFINITION_S3_PREFIX)
for download in to_download.values():
s3_path = download["s3_path"]
local_path = download["local_path"]
print("Downloading definition file %s from s3://%s/%s" %
(local_path, AV_DEFINITION_S3_BUCKET, s3_path))
s3.Bucket(AV_DEFINITION_S3_BUCKET).download_file(s3_path, local_path)
print("Downloading definition file %s complete!" % (local_path))
scan_result, scan_signature = clamav.scan_file(file_path)
print("Scan of s3://%s resulted in %s\n" %
(os.path.join(s3_object.bucket_name, s3_object.key), scan_result))
result_time = get_timestamp()
# Set the properties on the object with the scan results
if "AV_UPDATE_METADATA" in os.environ:
set_av_metadata(s3_object, scan_result, scan_signature, result_time)
set_av_tags(s3_client, s3_object, scan_result, scan_signature, result_time)
# Publish the scan results
if AV_STATUS_SNS_ARN not in [None, ""]:
sns_scan_results(
sns_client,
s3_object,
AV_STATUS_SNS_ARN,
scan_result,
scan_signature,
result_time,
)
metrics.send(env=ENV,
bucket=s3_object.bucket_name,
key=s3_object.key,
status=scan_result)
# Delete downloaded file to free up room on re-usable lambda function container
try:
os.remove(file_path)
except OSError:
pass
if str_to_bool(
AV_DELETE_INFECTED_FILES) and scan_result == AV_STATUS_INFECTED:
delete_s3_object(s3_object)
stop_scan_time = get_timestamp()
print("Script finished at %s\n" % stop_scan_time)
def lambda_handler(event, context):
if AV_SCAN_ROLE_ARN:
sts_client = boto3.client("sts")
sts_response = sts_client.assume_role(
RoleArn=AV_SCAN_ROLE_ARN, RoleSessionName="AVScanRoleAssumption"
)
session = boto3.session.Session(
aws_access_key_id=sts_response["Credentials"]["AccessKeyId"],
aws_secret_access_key=sts_response["Credentials"]["SecretAccessKey"],
aws_session_token=sts_response["Credentials"]["SessionToken"],
)
s3_cross_account = session.resource("s3")
s3_cross_account_client = session.client("s3")
sns_cross_account_client = session.client("sns")
else:
s3_cross_account = boto3.resource("s3")
s3_cross_account_client = boto3.client("s3")
sns_cross_account_client = boto3.client("sns")
s3_local_account = boto3.resource("s3")
s3_local_account_client = boto3.client("s3")
sns_local_account_client = boto3.client("sns")
# Get some environment variables
ENV = os.getenv("ENV", "")
start_time = get_timestamp()
print("Script starting at %s\n" % (start_time))
print("Event received: %s" % event)
s3_object = event_object(event, s3_resource=s3_cross_account)
if str_to_bool(AV_PROCESS_ORIGINAL_VERSION_ONLY):
verify_s3_object_version(s3_cross_account, s3_object)
if object_does_not_require_scan(
s3_cross_account_client, s3_object.bucket_name, s3_object.key
):
if AV_STATUS_SNS_ARN not in [None, ""]:
sns_skip_scan(
sns_local_account_client, s3_object, AV_STATUS_SNS_ARN, get_timestamp()
)
print(
"Scan of s3://%s was skipped due to the file being safely generated by a VISO process"
% os.path.join(s3_object.bucket_name, s3_object.key)
)
else:
# Publish the start time of the scan
if AV_SCAN_START_SNS_ARN not in [None, ""]:
start_scan_time = get_timestamp()
sns_start_scan(
sns_local_account_client,
s3_object,
AV_SCAN_START_SNS_ARN,
start_scan_time,
)
file_path = get_local_path(s3_object, "/tmp")
create_dir(os.path.dirname(file_path))
s3_object.download_file(file_path)
to_download = clamav.update_defs_from_s3(
s3_local_account_client, AV_DEFINITION_S3_BUCKET, AV_DEFINITION_S3_PREFIX
)
for download in to_download.values():
s3_path = download["s3_path"]
local_path = download["local_path"]
print("Downloading definition file %s from s3://%s" % (local_path, s3_path))
s3_local_account.Bucket(AV_DEFINITION_S3_BUCKET).download_file(
s3_path, local_path
)
print("Downloading definition file %s complete!" % (local_path))
scan_result, scan_signature = clamav.scan_file(file_path)
print(
"Scan of s3://%s resulted in %s\n"
% (os.path.join(s3_object.bucket_name, s3_object.key), scan_result)
)
result_time = get_timestamp()
# Set the properties on the object with the scan results
if "AV_UPDATE_METADATA" in os.environ:
set_av_metadata(s3_object, scan_result, scan_signature, result_time)
set_av_tags(
s3_cross_account_client, s3_object, scan_result, scan_signature, result_time
)
# Publish the scan results
if AV_STATUS_SNS_ARN not in [None, ""]:
sns_scan_results(
sns_local_account_client,
s3_object,
AV_STATUS_SNS_ARN,
scan_result,
scan_signature,
result_time,
)
# Publish clean scan results cross account
if (
scan_result == AV_STATUS_CLEAN
and str_to_bool(AV_STATUS_SNS_PUBLISH_CLEAN)
and AV_STATUS_CLEAN_SNS_ARN not in [None, ""]
):
sns_scan_results(
sns_cross_account_client,
s3_object,
AV_STATUS_CLEAN_SNS_ARN,
scan_result,
scan_signature,
result_time,
)
metrics.send(
env=ENV, bucket=s3_object.bucket_name, key=s3_object.key, status=scan_result
)
# Delete downloaded file to free up room on re-usable lambda function container
try:
os.remove(file_path)
except OSError:
pass
if str_to_bool(AV_DELETE_INFECTED_FILES) and scan_result == AV_STATUS_INFECTED:
sns_delete_results(s3_object, scan_result)
delete_s3_object(s3_object)
stop_scan_time = get_timestamp()
print("Script finished at %s\n" % stop_scan_time)
def lambda_handler(event, context):
s3 = boto3.resource("s3")
s3_client = boto3.client("s3")
sns_client = boto3.client("sns")
# Get some environment variables
ENV = os.getenv("ENV", "")
EVENT_SOURCE = os.getenv("EVENT_SOURCE", "S3")
start_time = get_timestamp()
print("Script starting at %s\n" % (start_time))
s3_object = event_object(event, event_source=EVENT_SOURCE)
if str_to_bool(AV_PROCESS_ORIGINAL_VERSION_ONLY):
verify_s3_object_version(s3, s3_object)
# Publish the start time of the scan
if AV_SCAN_START_SNS_ARN not in [None, ""]:
start_scan_time = get_timestamp()
sns_start_scan(sns_client, s3_object, AV_SCAN_START_SNS_ARN, start_scan_time)
file_path = get_local_path(s3_object, "/tmp")
create_dir(os.path.dirname(file_path))
s3_object.download_file(file_path)
to_download = clamav.update_defs_from_s3(
s3_client, AV_DEFINITION_S3_BUCKET, AV_DEFINITION_S3_PREFIX
)
for download in to_download.values():
s3_path = download["s3_path"]
local_path = download["local_path"]
print("Downloading definition file %s from s3://%s" % (local_path, s3_path))
s3.Bucket(AV_DEFINITION_S3_BUCKET).download_file(s3_path, local_path)
print("Downloading definition file %s complete!" % (local_path))
# calculate the md5 of the virus defintion files
definition_md5 = clamav.get_definition_md5()
# check the file for an existing defintion md5 hash
s3_definition_md5 = clamav.md5_from_s3_tags(s3_client, s3_object.bucket_name, s3_object.key, AV_DEFINITION_MD5_METADATA)
# skip if there is a match
if definition_md5 == s3_definition_md5:
print("Not scanning because local defintion md5 matches s3 defintion md5.")
return
# Set AV_STATUS_SKIPPED if file exceeds maximum file size
s3_object_size_result = check_s3_object_size(s3, s3_object)
if s3_object_size_result == AV_STATUS_SKIPPED:
scan_result = s3_object_size_result
scan_signature = AV_SIGNATURE_UNKNOWN
else:
scan_result, scan_signature = clamav.scan_file(file_path)
print(
"Scan of s3://%s resulted in %s\n"
% (os.path.join(s3_object.bucket_name, s3_object.key), scan_result)
)
result_time = get_timestamp()
# Set the properties on the object with the scan results
if "AV_UPDATE_METADATA" in os.environ:
# AV_UPDATE_METADATA doesn't seem to be set anywhere - likely cant get here
set_av_metadata(s3_object, scan_result, scan_signature, result_time)
set_av_tags(s3_client, s3_object, scan_result, scan_signature, result_time, definition_md5)
# Publish the scan results
if AV_STATUS_SNS_ARN not in [None, ""]:
sns_scan_results(
sns_client,
s3_object,
AV_STATUS_SNS_ARN,
scan_result,
scan_signature,
result_time,
)
metrics.send(
env=ENV, bucket=s3_object.bucket_name, key=s3_object.key, status=scan_result
)
# Delete downloaded file to free up room on re-usable lambda function container
try:
os.remove(file_path)
except OSError:
pass
if str_to_bool(AV_DELETE_INFECTED_FILES) and scan_result == AV_STATUS_INFECTED:
delete_s3_object(s3_object)
stop_scan_time = get_timestamp()
print("Script finished at %s\n" % stop_scan_time)
def foo():
bar()
bar + send('my-report-id') + bar()
def foo():
bar = 3
bar + send("my-report-id")
def lambda_handler(event, context):
global clamd_pid
aws_config = Config(connect_timeout=5)
s3 = boto3.resource("s3")
s3_client = boto3.client("s3", config=aws_config)
sns_client = boto3.client("sns", config=aws_config)
# Get some environment variables
ENV = os.getenv("ENV", "")
EVENT_SOURCE = os.getenv("EVENT_SOURCE", "S3")
if not clamav.is_clamd_running():
if clamd_pid is not None:
kill_process_by_pid(clamd_pid)
clamd_pid = clamav.start_clamd_daemon()
print("Clamd PID: %s" % clamd_pid)
start_time = get_timestamp()
print("Script starting at %s\n" % (start_time))
s3_object = event_object(event, event_source=EVENT_SOURCE)
if str_to_bool(AV_PROCESS_ORIGINAL_VERSION_ONLY):
verify_s3_object_version(s3, s3_object)
# Publish the start time of the scan
if AV_SCAN_START_SNS_ARN not in [None, ""]:
start_scan_time = get_timestamp()
sns_start_scan(sns_client, s3_object, AV_SCAN_START_SNS_ARN,
start_scan_time)
file_path = get_local_path(s3_object, "/tmp")
create_dir(os.path.dirname(file_path))
s3_object.download_file(file_path)
scan_result, scan_signature = clamav.scan_file(file_path)
print("Scan of s3://%s resulted in %s\n" %
(os.path.join(s3_object.bucket_name, s3_object.key), scan_result))
result_time = get_timestamp()
# Set the properties on the object with the scan results
if "AV_UPDATE_METADATA" in os.environ:
set_av_metadata(s3_object, scan_result, scan_signature, result_time)
set_av_tags(s3_client, s3_object, scan_result, scan_signature, result_time)
# Publish the scan results
if AV_STATUS_SNS_ARN not in [None, ""]:
sns_scan_results(
sns_client,
s3_object,
AV_STATUS_SNS_ARN,
scan_result,
scan_signature,
result_time,
)
metrics.send(env=ENV,
bucket=s3_object.bucket_name,
key=s3_object.key,
status=scan_result)
# Delete downloaded file to free up room on re-usable lambda function container
try:
os.remove(file_path)
except OSError:
pass
if str_to_bool(
AV_DELETE_INFECTED_FILES) and scan_result == AV_STATUS_INFECTED:
delete_s3_object(s3_object)
stop_scan_time = get_timestamp()
print("Script finished at %s\n" % stop_scan_time)
