Prevent malware upload to uploadthing/s3 bucket
Hey all, I need to allow file uploads for authenticated users which would then be read by my employees in aid of our medical services. I want to have all my bases covered with security esp in light of the recent LTT attack. How would you protect your s3/uploadthing bucket from malware, trojans etc.?
probably #uploadthing is a better place to ask
Solution
Nyx is probably right that it would not hurt to post this in #uploadthing, but afaik this is not a feature built into upload thing.
One thing you could do is set up a node server that checks files and then writes them to S3 / Upload Thing. Depending on your file size / quantity though, this may need to be an actual node server running on something like https://railway.app as payload size and runtime are limited on serverless. Alternatively, you could upload files and then run checks later marking it in your DB or something which would make it so that when people upload stuff it does not take a long time scanning it (though the stuff about the node server still applies).
This library seems like it would work well for your use case. Obviously no lib is foolproof but this one does look relatively solid.
https://www.npmjs.com/package/clamscan
Thank you @lermatroid that is perfect.
No problem!
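
The scan-before-write flow from the accepted answer, as an added example that is not part of the thread or of the clamscan library: it speaks ClamAV's clamd INSTREAM protocol directly with Node built-ins and treats anything other than an explicit OK as not clean. The clamd address, the timeout and the `store` callback are assumptions.

```javascript
// Added example: fail-closed scan gate in front of the bucket (Node built-ins only).
const net = require('node:net');

// clamd INSTREAM framing: the command, then <4-byte big-endian length><data>
// chunks, terminated by a zero-length chunk.
function frameInstream(buf, chunkSize = 64 * 1024) {
  const parts = [Buffer.from('zINSTREAM\0')];
  for (let off = 0; off < buf.length; off += chunkSize) {
    const chunk = buf.subarray(off, off + chunkSize);
    const len = Buffer.alloc(4);
    len.writeUInt32BE(chunk.length);
    parts.push(len, chunk);
  }
  parts.push(Buffer.alloc(4)); // zero length marks end of stream
  return Buffer.concat(parts);
}

// Map a clamd reply to a verdict. Only an explicit "OK" counts as clean;
// size-limit errors, timeouts and empty replies are all "error".
function parseReply(reply) {
  const text = reply.replace(/\0/g, '').trim();
  if (text === 'stream: OK') return { status: 'clean' };
  const hit = /^stream: (.+) FOUND$/.exec(text);
  if (hit) return { status: 'infected', signature: hit[1] };
  return { status: 'error', detail: text || 'empty reply' };
}

// Send one upload to clamd. Host, port and timeout are assumed values.
function scanBuffer(buf, { host = '127.0.0.1', port = 3310, timeoutMs = 30000 } = {}) {
  return new Promise((resolve) => {
    let reply = '';
    const sock = net.connect({ host, port }, () => sock.write(frameInstream(buf)));
    sock.setTimeout(timeoutMs, () => sock.destroy(new Error('scan timed out')));
    sock.on('data', (d) => { reply += d.toString('utf8'); if (reply.includes('\0')) sock.end(); });
    sock.on('error', (e) => resolve({ status: 'error', detail: e.message }));
    sock.on('close', () => resolve(parseReply(reply)));
  });
}

// Upload-handler gate: the file reaches the bucket only on a clean verdict.
// `store` is a hypothetical async function wrapping the S3 / UploadThing write.
async function scanThenStore(buf, store, scan = scanBuffer) {
  const verdict = await scan(buf);
  if (verdict.status !== 'clean') return { stored: false, verdict };
  return { stored: true, verdict, location: await store(buf) };
}
```

For the scan-later variant the answer mentions, the same verdict would be written to the DB record, with files served to staff only when it is `clean`.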