Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • We can only scan files up to a certain size (25MB). It is very time/resource consuming to scan very large files (if we scan every file uploaded) and most files containing virus are small in size.
  • The synapse production bucket is setup to notify only multipart uploads (SeeĀ 
    Jira Legacy
    serverSystem JIRA
    serverIdba6fb084-9827-3160-8067-8ac7470f78b2
    keyPLFM-7065
    ). We do not scan simple uploads since synapse always uses multipart uploads and each part is uploaded as a simple upload that would create a lot of overhead

Deployment

The lambda function is built using as jenkins job (TODO put reference) that builds the zip package and uploads it to artifactory. The stack builder creates a dedicated stack for the lambda downloading the zip artifact and uploading to an S3 bucket so that it can be referenced by the function, additionally each bucket that need scanning is configured to send notifications after an upload to the SNS topic that the function is triggered by.