ClamAV S3 Mirror

Diagram

Requirements

AWS cli setup properly
Clone this repo git clone https://github.com/johnalvero/clamav-s3-mirror.git

Create the buckets

# Source Bucket
aws s3 mb s3://<source-bucket>

# Target Bucket
aws s3 mb s3://<target-bucket>

Pack and send the source files to the source bucker

Before doing this step, make sure to update the target bucket location in buildspec.yml

zip clamav-mirror.zip buildspec.yml clamdownloader.pl
aws s3 cp clamav-mirror.zip s3://<source-bucket>

Create the Service Role

Open put-role-policy.json file and modify the <source-bucket> and <target-bucket> parameters.

# Create service role. Take note of the role ARN as this will be needed in create-project.json
aws iam create-role --role-name <codebuild-clamav-mirror-role> --assume-role-policy-document file://create-role.json

aws iam put-role-policy --role-name <codebuild-clamav-mirror-role> --policy-name CodeBuildServiceRolePolicy --policy-document file://put-role-policy.json

Create a CodeBuild Project

Edit the file create-project.json, update the file with the necessary parameters. The serviceRole parameter is the ARN from the create-role command.

aws codebuild create-project --cli-input-json file://create-project.json

At this point, you may already test the build process through CodeBuild service page in the AWS Management Console. If the the previous steps are done successfully, you should see files in the target bucket already after the build is finished.

Setup a build trigger

This step schedules a regular run of the codebuild project.

Todo: aws iam create role aws cloudwatch put-rule

aws events put-rule --name "test-clamav-mirror-6hours" --schedule-expression "rate(6 hours)""

aws cloudwatch put-targets

Setup website hosting on the target bucket

aws s3 website s3://<target-bucket>/ --index-document index.html

# Modify target-bucket-policy.json to suit your configuration
aws s3api put-bucket-policy --bucket <target-bucket> --policy file://target-bucket-policy.json

Assign a Route53 hostname

This step is optional.

Agent / Clients Config

Tell freshclam to use the mirror. In /etc/clamav/freshclam.conf, make sure the following exists:

PrivateMirror <s3-url>

This overrides the DatabaseMirror configuration directive disabling DNS-based signature lookup.

For improvement

If you want to go even further, you can setup AWS CloudFront in front of the S3 bucket serving the AV signatures.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

ClamAV S3 Mirror

Diagram

Requirements

Create the buckets

Pack and send the source files to the source bucker

Create the Service Role

Create a CodeBuild Project

Setup a build trigger

Setup website hosting on the target bucket

Assign a Route53 hostname

Agent / Clients Config

For improvement

About

Releases

Packages

Languages

Name		Name	Last commit message	Last commit date
Latest commit History 43 Commits
README.md		README.md
buildspec.yml		buildspec.yml
clamdownloader.pl		clamdownloader.pl
codebuild-event-policy.json		codebuild-event-policy.json
create-project.json		create-project.json
create-role.json		create-role.json
diagram.jpeg		diagram.jpeg
put-role-policy.json		put-role-policy.json
target-bucket-policy.json		target-bucket-policy.json

dmitrijn/clamav-s3-mirror

Folders and files

Latest commit

History

Repository files navigation

ClamAV S3 Mirror

Diagram

Requirements

Create the buckets

Pack and send the source files to the source bucker

Create the Service Role

Create a CodeBuild Project

Setup a build trigger

Setup website hosting on the target bucket

Assign a Route53 hostname

Agent / Clients Config

For improvement

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages