1

Has anyone had success implementing a mechanism that can scan uploaded files for malware when using Azure? In this instance, I would be using their Sites and storage options, rather than controlling an entire OS.

In some cases, I know companies have had appliances that sit inline and scan everything. However, those usually require a physical appliance, which cannot be done in the cloud.

Has anyone seen an efficient alternative in Azure? I am trying to avoid the following recommendation: "Spin up a VM with an Anti Malware/Anti Virus endpoint agent on it, send the file to that system, and then if the file is still there, believe it is safe"

appsecguy
  • 209
  • 2
  • 5

1 Answers1

0

Unfortunately the building blocks of every cloud service is a VM! That is how Azure et al. make their money.

If you dump a file into Azure, be it on a server, or straight to a blob then it is simply copied, it would cause a lot of additional work for MS if they needed a process for dealing with false positives etc. As well as the perception problem that they are doing any sort of scanning of files as they are uploaded.

The only way you have got of checking is to spin up a VM and have it scan files as they are delivered, or perhaps have it fire up for an hour a day and do a scan.

Michael B
  • 748
  • 3
  • 10