AWS has recently announced support for Amazon Elastic File System (EFS) within AWS Lambda. This change creates new possibilities for serverless applications. In this article I will demonstrate one such possibility — centralising the storage and updating of the ClamAV virus database.
ClamAV
ClamAV® is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
Like any antivirus solution, ClamAV needs to be kept up to date to be fully effective. Ordinarily the virus database can be updated by issuing the freshclam command. However, this requires that the instance running the command have internet access. When developing secure architectures in public cloud it is sometimes necessary to have fully isolated subnets which, do not have internet access. Additionally, strict security compliance requirements may dictate that virus definitions are not updated directly from the internet but instead be updated from a centralised location within the VPC.
Combining EFS, Lambda and EC2 we can create a configuration that will meet these requirements.
Design
The below diagram represents the architecture we will implement.
Our virus database will be stored on an EFS file system. EC2 instances will be configured to use this file system for their virus definitions (we will deploy the instance in a public subnet in this example just to keep things simple). A “freshclam” Lambda function will keep the virus database stored on EFS up to date.
Terraform
The Terraform code at aw5academy/terraform/clamav will provision the resources for us.
Deploy the stack by issuing the following commands:
git clone https://gitlab.com/aw5academy/terraform/clamav.git
cd clamav
terraform init
terraform applyChef
As part of the Terraform stack we create an EC2 instance. This instance’s user data clones the repository at aw5academy/chef/clamav containing a Chef cookbook which, bootstraps the instance, installing ClamAV, mounting the EFS file system and configuring the virus database to point to a path on the EFS file system.
EC2 Instance
Lets now login to our EC2 instance to test our setup.
SSH into the EC2 instance with:
ssh -i clamav.pem ec2-user@`terraform output ec2-public-ip`Next verify no virus definitions are present:
clamconf |grep -A 3 "Database information"
As expected, we see none because our Lambda function has not yet executed. So lets invoke the “freshclam” lambda function with:
aws lambda invoke --function-name freshclam /dev/null --region us-east-1Now verify the virus definitions are present:
clamconf |grep -A 3 "Database information"
As we now have a valid database we can perform a virus scan:
clamscan .bash_profile
Success!
Cleanup
To remove the stack, from your local terminal run:
terraform destroySummary
This is just one example of a real world application of EFS with Lambda. I hope you find this article and the sample code useful.
AW5 Academy 
This is great,really easy to understand and very straight forward steps to follow