How to Provide Virus-Scanning as a Service Utilizing the Serverless IBM Code Engine Platform
3 min read
This post will show you how to automatically scan files in an IBM Cloud Object Storage (COS) bucket for viruses with the help of IBM Code Engine.
What is IBM Cloud Code Engine?
We recently announced IBM Cloud Code Engine as the newest platform to host all of your cloud native workloads. With Code Engine, you can enjoy the cloud again.
IBM Cloud Code Engine is a fully managed, serverless platform that runs your containerized workloads, including web apps, microservices, event-driven functions or batch jobs. Code Engine even builds container images for you from your source code. Because these workloads are all hosted within the same Kubernetes infrastructure using Namespace isolation, all of them can seamlessly, but securely, work together. The Code Engine experience is designed to focus on writing code and not on the infrastructure needed to host it.
Code Engine helps developers by hiding many of the complex tasks, such as configuration, dependency management, etc. Code Engine simplifies container-based management and enables you to concentrate on writing code. It also makes available many of the features of a serverless platform, such as "scale-to-zero."
The problem
This blog post is inspired by a real client’s use case. The client has a large service platform where a lot of data gets uploaded every day, and these files are stored in IBM Cloud Object Storage (COS). COS doesn't come with a built-in service to detect malicious files, but the client needs to be sure that no malware gets into their system, where it could exploit possible vulnerabilities. Open vulnerabilities can create the risk of losing valuable assets, which the client wants to protect. Therefore, the client needs an easy and quick solution to ensure that no infected files get inside their system.
The solution
IBM Code Engine is the perfect platform to implement such a service because it manages all the infrastructure for you and scales automatically based on the number of files uploaded in parallel. This means that IBM Code Engine offers a cheap and easy solution to check files for viruses.
The architecture
- A user uploads a file to an IBM COS “inbox/entry” bucket.
- When the job gets triggered by a file upload, it will pull the file that needs to be checked and perform a scan operation with the ClamAV anti-virus software.
- Depending on whether the file is infected or not, the file will be moved to either to the dirty bucket or the clean bucket.
Note: ClamAV was taken as sample because it provides good NodeJS integration (NodeJS-API). Further integration with Notification Tools (e.g., Pager Duty) would be possible for files being moved to the dirty bucket.
Lessons learned
IBM Cloud Code Engine enables a developer to develop a new scalable cloud-based service quickly and easily. Code Engine, as a serverless platform, can quickly scale jobs based on demand, and with its pay-per-call price model, the customer only pays for what he needs.
Due to its open-source-based architecture (e.g., leveraging Knative and Istio), it is easy to use, provides good portability and accelerates development workflows and workloads by managing the infrastructure for you in the background.
More resources and getting started
If you want to try IBM Cloud Code Engine out for yourself, use the tutorial and sample code provided in the project’s Github repository or visit the homepage.
If you have any questions, get help directly by reaching out to me via email.
Thanks to Oliver Rebmann and Till Koellmann for the incredible support during my time working on this project.
