This post will show you how to automatically scan files in an IBM Cloud Object Storage (COS) bucket for viruses with the help of IBM Code Engine.

What is IBM Cloud Code Engine?

We recently announced IBM Cloud Code Engine as the newest platform to host all of your cloud native workloads. With Code Engine, you can enjoy the cloud again.

IBM Cloud Code Engine is a fully managed, serverless platform that runs your containerized workloads, including web apps, microservices, event-driven functions or batch jobs. Code Engine even builds container images for you from your source code. Because these workloads are all hosted within the same Kubernetes infrastructure using Namespace isolation, all of them can seamlessly, but securely, work together. The Code Engine experience is designed to focus on writing code and not on the infrastructure needed to host it.

Code Engine helps developers by hiding many of the complex tasks, such as configuration, dependency management, etc. Code Engine simplifies container-based management and enables you to concentrate on writing code. It also makes available many of the features of a serverless platform, such as “scale-to-zero.”

The problem

This blog post is inspired by a real client’s use case. The client has a large service platform where a lot of data gets uploaded every day, and these files are stored in IBM Cloud Object Storage (COS). COS doesn’t come with a built-in service to detect malicious files, but the client needs to be sure that no malware gets into their system, where it could exploit possible vulnerabilities. Open vulnerabilities can create the risk of losing valuable assets, which the client wants to protect. Therefore, the client needs an easy and quick solution to ensure that no infected files get inside their system.

The solution

IBM Code Engine is the perfect platform to implement such a service because it manages all the infrastructure for you and scales automatically based on the number of files uploaded in parallel. This means that IBM Code Engine offers a cheap and easy solution to check files for viruses.

The architecture

  1. A user uploads a file to an IBM COS “inbox/entry” bucket.
  2. When the job gets triggered by a file upload, it will pull the file that needs to be checked and perform a scan operation with the ClamAV anti-virus software.
  3. Depending on whether the file is infected or not, the file will be moved to either to the dirty bucket or the clean bucket.

Note: ClamAV was taken as sample because it provides good NodeJS integration (NodeJS-API). Further integration with Notification Tools (e.g., Pager Duty) would be possible for files being moved to the dirty bucket.

Lessons learned

IBM Cloud Code Engine enables a developer to develop a new scalable cloud-based service quickly and easily. Code Engine, as a serverless platform, can quickly scale jobs based on demand, and with its pay-per-call price model, the customer only pays for what he needs.

Due to its open-source-based architecture (e.g., leveraging Knative and Istio), it is easy to use, provides good portability and accelerates development workflows and workloads by managing the infrastructure for you in the background.

More resources and getting started

If you want to try IBM Cloud Code Engine out for yourself, use the tutorial and sample code provided in the project’s Github repository or visit the homepage.

If you have any questions, get help directly by reaching out to me via email.

Thanks to Oliver Rebmann and Till Koellmann for the incredible support during my time working on this project.


More from Cloud

IBM Cloud VMware as a Service introduces multitenant as a new, cost-efficient consumption model

4 min read - Businesses often struggle with ongoing operational needs like monitoring, patching and maintenance of their VMware infrastructure or the added concerns over capacity management. At the same time, cost efficiency and control are very important. Not all workloads have identical needs and different business applications have variable requirements. For example, production applications and regulated workloads may require strong isolation, but development/testing, training environments, disaster recovery sites or other applications may have lower availability requirements or they can be ephemeral in nature,…

IBM accelerates enterprise AI for clients with new capabilities on IBM Z

5 min read - Today, we are excited to unveil a new suite of AI offerings for IBM Z that are designed to help clients improve business outcomes by speeding the implementation of enterprise AI on IBM Z across a wide variety of use cases and industries. We are bringing artificial intelligence (AI) to emerging use cases that our clients (like Swiss insurance provider La Mobilière) have begun exploring, such as enhancing the accuracy of insurance policy recommendations, increasing the accuracy and timeliness of…

IBM NS1 Connect: How IBM is delivering network connectivity with premium DNS offerings

4 min read - For most enterprises, how their users access applications and data is an essential part of doing business, and how they service those application and data responses has a direct correlation to revenue generation.    According to We Are Social’s Digital 2023 Global Overview Report, there are 5.19 billion people around the world using the internet in 2023. There’s an imperative need for businesses to trust their networks to deliver meaningful content to address customer needs.  So how responsive is the…

IBM Cloud Databases for MongoDB (Enterprise Edition): Changes to backup functionality

< 1 min read - We are announcing that IBM Cloud Databases for MongoDB (Enterprise Edition) will no longer support the creation of On Demand backups beginning on March 1, 2024. On Demand backups are being replaced by the recently deployed Point in Time Recovery (PITR) capabilities in the Enterprise Edition of our popular fully managed MongoDB service. With PITR, you can restore a copy of your database to any point in the past seven days. This gives you granular access to the past state…