Sha256: 3ef455453bcdf9224de0f90a312ba393aed9c09af2d6533d210a6eac94135e1a
Contents?: true
Size: 1.04 KB
Versions: 18
Compression:
Stored size: 1.04 KB
Contents
# <%= @next_adr_id %>. ClamAV File Scanning Date: <%= Date.today.iso8601 %> ## Status Accepted ## Context In order to satisfy the [RA-5](https://nvd.nist.gov/800-53/Rev4/control/RA-5) control around vulnerability scanning, we wish to scan all user-uploaded files with a malware detection service. These files are user-supplied, and thus cannot fit into our other security controls built into the CI/CD pipeline. ## Decision We will run a ClamAV daemon, fronted by a REST API that we will pass all user-uploaded files through as part of the upload process. <% if terraform_dir_exists? %> The ClamAV app is deployed along with other infrastructure by terraform. <% else %> The ClamAV app is based on a [separate government-controlled repository](https://github.com/18f/clamav-api-cg-app) <% end %> ## Consequences While our user-supplied files will now have vulnerability protection, this architecture does not provide scanning of the application itself. Therefore we must find other solutions to addressing SI-3 or RA-5 in the context of the application.
Version data entries
18 entries across 18 versions & 1 rubygems