1

I am new to security topics, please don't assume knowledge and spare no details if you're able to answer my questions.

I am trying to design a system that performs the basic functionality of VirusTotal. Basically I want users to upload files. I will then extract metadata, use some engines to scan the file, and provide the user with a final report including metadata.

I want to store these files forever, if possible. My first instinct for the storage choice was Amazon S3. My questions:

  1. Some of these files are harmful, is it OK to store them in S3? E.g. could an executable cause damage just by being put in S3?

  2. Should I store harmful and unharmful files separately?

  3. Is there anything I should do before storing these potentially harmful files? E.g. perhaps trying to encrypt them or something?

3
  • welcome - something you don't specify is the type of file you're storing - if your system contains in-confidence or personal information, you will have an important problem to solve in addition to a file carrying malign content ; it's quite common to receive files from users into a cordon sanitaire and in this case you're pushing that back onto aws-s3 .. the key here will be understanding the workflow .. are your systems isolated from this store? .. what about your users' systems? .. once the report is generated, why do the bytes need to be stored forever? Commented Sep 15, 2024 at 0:58
  • @brynk thank you for the reply. There is no limit on the type of file, it could be text, executable, ... . Regarding personal information, the users are warned not to upload anything containing personal information, so that is not a problem. Regarding why we need to store the file forever, that is a specified requirement. I think we want to be able to share them with researchers. Commented Sep 15, 2024 at 1:18
  • You also need to take into account that you're using AWS S3 to store mostly malware. Is that allowed from the side of AWS? Commented Sep 15, 2024 at 12:01

1 Answer

1

First off, I strongly recommend against setting up an online malware scanner when you're new to security. You're (by design) exposing the system to very high risks, and this requires a deep understanding of proper security measures. Even a seemingly minor mistake can trigger the malware and cause major damage not just to your own system but potentially many others – it's easy to imagine the legal and financial trouble this can lead to.

As to your questions:

  1. No, it's not OK to keep the (potential or actual) malware on cloud storage. The files must be isolated from any network access as much as possible, ideally through an air gap. Malware needs some trigger to execute, but you have to consider that users interacting with your system can purposely or accidentally trigger the malware, or maybe the system itself does while processing the stored data.
  2. Yes, you should definitely separate harmful files from any other data. Note that even files which have passed the scan are potentially harmful, because no malware scanner is perfect.
  3. Encrypting the file content can help a bit, but isolation is far more important.
