S3 Bucket has malware scanning enabled

Risk Level

High (not acceptable risk)

Description

Ensure that all objects stored in your S3 Buckets are scanned for malware and malware variants, in order to protect the applications and infrastructure that consume these objects.

Rationale

Malware in files that are uploaded to your S3 Buckets can attack applications, computers, servers and networks with the intent of gathering protected information, misusing resources or opening backdoors into more critical systems. An event-driven scan, triggered on every object upload, can prevent this kind of attack by ensuring that infected files are quarantined or locked out, so that applications, computers, servers and networks cannot access them, stopping spread right at the point of entry.

Pillar / Type

Security

Audit steps

Via Console

  1. Log into your AWS Console.
  2. Go to the S3 Console.
  3. Select the bucket to review.
  4. In the Properties tab under Event Notifications, select and edit the event notification associated with FSS (Event Types: All Object Create Events, Destination Type: Lambda Function, Destination: look for a name similar to All-in-one-TM-FileStorageSecu-BucketListenerLambda).
  5. If no such event notification is found, then the bucket is not protected by Cloud One File Storage Security.

Via Cli / API

  1. Run the following command using your AWS CLI: aws s3api get-bucket-notification-configuration --bucket <YourBucketName>.
  2. Look for a notification with the following properties:
     - LambdaFunctionArn: a value similar to arn:aws:lambda:<awsaz>:<awsaccountid>:function:All-in-one-TM-FileStorageSecu-BucketListenerLambda-<randomvalue>:TM-FSS-MANAGED
     - Events: s3:ObjectCreated
  3. If no such event notification is found, then the bucket is not protected by Cloud One File Storage Security.
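The CLI audit above can be automated. The following Python script is an added example for this page; it is not part of the rule page or of Trend Micro's own tooling. It reads the JSON printed by aws s3api get-bucket-notification-configuration, applies the two checks from the audit steps (the listener function name and an object-created event on the Lambda notification) and additionally flags a key Filter on the notification, because a filtered notification only triggers a scan for keys that match the filter. The name fragments matched, the constructed sample configurations and the helper names are assumptions of the example. Note that the API reports the event as the wildcard s3:ObjectCreated:* (or a specific operation such as s3:ObjectCreated:Put) rather than the bare prefix the audit step quotes, so the script matches on the prefix; it also tolerates an empty response, which the CLI gives for a bucket that has no notification configuration at all.

```python
"""Check an S3 bucket notification configuration for the Cloud One File
Storage Security (FSS) listener described in the audit steps.

Usage (pipe the CLI output in; the script never calls AWS itself):
  aws s3api get-bucket-notification-configuration --bucket <YourBucketName> \
      | python3 check_fss.py
"""
import json
import sys

# Stable fragments of the listener function name from the audit steps.
# The deployed name carries a random suffix, so match on fragments, not the full ARN.
FSS_NAME_FRAGMENTS = ("FileStorageSecu", "BucketListenerLambda")
OBJECT_CREATED_PREFIX = "s3:ObjectCreated"


def lambda_function_name(arn: str) -> str:
    """Return the function name from a Lambda ARN, dropping any alias or version.

    Expected shape: arn:aws:lambda:<region>:<account>:function:<name>[:<alias-or-version>]
    Returns "" for anything that is not a Lambda function ARN.
    """
    parts = arn.split(":")
    if len(parts) < 7 or parts[2] != "lambda" or parts[5] != "function":
        return ""
    return parts[6]


def is_object_created_event(event: str) -> bool:
    """True for s3:ObjectCreated:* and for any specific s3:ObjectCreated:<op> event."""
    return event.startswith(OBJECT_CREATED_PREFIX)


def find_fss_notifications(config: dict) -> list:
    """Return the LambdaFunctionConfigurations entries that look like the FSS listener.

    `config` is the parsed JSON of get-bucket-notification-configuration.
    An entry qualifies when its LambdaFunctionArn names the FSS listener
    function and at least one of its Events is an object-created event.
    """
    matches = []
    for entry in config.get("LambdaFunctionConfigurations", []):
        name = lambda_function_name(entry.get("LambdaFunctionArn", ""))
        if not all(fragment in name for fragment in FSS_NAME_FRAGMENTS):
            continue
        if not any(is_object_created_event(e) for e in entry.get("Events", [])):
            continue
        matches.append(entry)
    return matches


def assess_bucket(config: dict) -> dict:
    """Summarise the audit: protected or not, the matching listener ARNs, and
    whether a key Filter restricts the scan to a subset of object keys."""
    matches = find_fss_notifications(config)
    return {
        "protected": bool(matches),
        "listener_arns": [m["LambdaFunctionArn"] for m in matches],
        "filtered": any("Filter" in m for m in matches),
    }


# Constructed sample documents (not real AWS output) for stand-alone runs.
SAMPLE_PROTECTED = {
    "LambdaFunctionConfigurations": [
        {
            "Id": "fss-listener",
            "LambdaFunctionArn": "arn:aws:lambda:us-east-1:111122223333:function:"
                                 "All-in-one-TM-FileStorageSecu-BucketListenerLambda-ABC123:TM-FSS-MANAGED",
            "Events": ["s3:ObjectCreated:*"],
        }
    ]
}
SAMPLE_UNPROTECTED = {
    "LambdaFunctionConfigurations": [
        {
            "Id": "thumbnailer",
            "LambdaFunctionArn": "arn:aws:lambda:us-east-1:111122223333:function:make-thumbnail",
            "Events": ["s3:ObjectCreated:Put"],
        }
    ]
}


def main() -> int:
    raw = sys.stdin.read()
    # An empty response means the bucket has no notification configuration.
    config = json.loads(raw) if raw.strip() else {}
    result = assess_bucket(config)
    print(json.dumps(result, indent=2))
    return 0 if result["protected"] and not result["filtered"] else 1


if __name__ == "__main__":
    sys.exit(main())
```

The exit status makes the script usable in a loop over `aws s3api list-buckets` output: a non-zero status means the bucket is either not protected or only partially protected by a filtered notification, which is the condition this rule reports.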

Remediation steps

  1. Log into your Cloud One Console and select File Storage Security.
  2. Also log into your AWS Console in a separate tab.
  3. Click on Stack Management on the left side.
  4. Click on Deploy and select Scanner Stack and Storage Stack.
  5. Enter your bucket and other settings.

For additional details see the Cloud One File Storage Security documentation on AWS Deployment steps.

References

What is File Storage Security?