hawk

command module

v0.0.5 Latest Latest Go to latest Published: Oct 31, 2022 License: MIT Imports: 29 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cloudina/hawk

Links

Open Source Insights

README ¶

HAWK

Introduction

Multi Cloud antivirus scanning API based on CLAMAV and YARA for AWS S3, AZURE Blob Storage, GCP Cloud Storage.

Features

Microservice for scanning stream with YARA and CLAMAV
Scans S3 Bucket Object
Moves Clean S3 Objects to another S3 Bucket
Quarantines Infected S3 Objects to another S3 Bucket
CLAMAV DB auto is updated to latest
[TODO] AZURE and GCP support
[TODO] Merge Various YARA rules to one set
[TODO] Auto Update YARA rules
[TODO] Support Yextend
[TODO] Improve Logging using logrus [https://github.com/antonfisher/nested-logrus-formatter]
[TODO] Harden Image

API

Available API are

POST /scanstream - scan stream

POST -d '{"bucketname": $S3_BUCKET "key": $S3_OBJECT }' /s3/scanfile - scan s3 file

GET /ruleset/ - list all loaded ruleset

GET /ruleset/{ruleset} - list all rules from a loaded rule

GET /metrics - get metrics
GET /health - get health info 
GET / - get index

Installation

Automated builds of the image are available on Registry and is the recommended method of installation.

docker pull hub.docker.com/cloudina/hawk:(imagetag)

The following image tags are available:

latest - Most recent release of ClamAV with REST API

Quick Start

Run hawk docker image:

docker run -p 9000:9999 -itd --name hawk cloudina/hawk

Test that service detects common test virus signature:

HTTP

$  curl --data "@./testsamples/request/s3filescan" http://0.0.0.0:9000/s3/scanfile -H 'Content-Type: application/json'

{"filename":"stream","matches":[{"Rule":"Win.Test.EICAR_HDB-1","namespace":"","tags":null}],"status":"INFECTED"}%                                   

$  curl --data "@./testsamples/scanfiles/eicar" http://0.0.0.0:9000/scanstream -H 'Content-Type: application/json'

{"filename":"stream","matches":[{"Rule":"Win.Test.EICAR_HDB-1","namespace":"","tags":null}],"status":"INFECTED"}                           

$ curl --data "@./testsamples/scanfiles/hello.txt" http://0.0.0.0:9000/scanstream -H 'Content-Type: application/json'

{"filename":"stream","matches":[],"status":"CLEAN"}

Networking

Port	Description
`3310`	ClamD Listening Port
`9999`	HAWK Container Port

Debug

For debugging the running container

docker exec -it (whatever your container name is e.g. hawk) /bin/ash

Build

For building

docker build -t (whatever your image name is e.g. hawk) .

Prebuild Image

docker pull cloudina/hawk

Acknowledgements

References

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL