Known Malware Detection

Made by Pangea

Checks files uploaded to Cloud Storage for known malicious behavior, isolates the file in a gzip formatted container if deemed malicious, and optionally keeps or deletes the original file.

20+
installs
Works with
Cloud Storage
Version
0.2.2 | Source code
License
Apache-2.0
Publisher
Pangea
Report
Bug
Abuse

How this extension works

Use this extension to automatically check files uploaded to a Cloud Storage bucket for malicious behavior. It will compare the hash of the file to against a list of 25 million known malicious files.

When a user uploads a file to your specified Cloud Storage bucket, this extension:

  • Detects if the file is a known malicious file. If it is, then:
    • Neutralizes the file by copying the file to a gzip formatted container.
    • Optionally, deletes the original file.

The extension can publish a completion event when a file is neutralized, which can be optionally enabled when you install it. If you enable events, you can write custom event handlers that respond to these events. You can always enable or disable events later. Events will be emitted via Eventarc.

Detailed configuration information

To configure this extension, you specify a Cloud Storage bucket to monitor and an absolute path within that bucket to copy the neutralized malicious files that are uploaded to it.

For example, say that you specify to monitor the bucket ‘my-project.appspot.com‘ and an isolation path of ‘/malicious‘. If a user uploads a file ‘virus.exe‘ to any sub-path in the ‘my-project.appspot.com‘ and the file’s hash matches that of a known malicious file, a gzip formatted file containing the file will be created at the path ‘/malicious/virus_exe.zip

Additional setup

Before installing this extension, make sure that you have signed up for a free Pangea account and have set up a Cloud Storage bucket in your Firebase project.

NOTE: As mentioned above, this extension listens for all changes made to the specified Cloud Storage bucket. This may cause unnecessary function calls. It is recommended to create a separate Cloud Storage bucket, especially for images you want to resize, and set up this extension to listen to that bucket.

Multiple instances of this extension

You can install multiple instances of this extension for the same project to configure. However, as mentioned before this extension listens for all changes made to the specified Cloud Storage bucket. That means all instances will be triggered every time a file is uploaded to the bucket. Therefore, it is recommended to use different buckets instead of different paths to prevent unnecessary function calls.

Troubleshooting

If events are enabled, and you want to create custom event handlers to respond to the events published by the extension, you must ensure that you have the appropriate role/permissions to subscribe to Pub/Sub events.

Billing

To install an extension, your project must be on the Blaze (pay as you go) plan

  • You will be charged a small amount (typically around $0.01/month) for the Firebase resources required by this extension (even if it is not used).
  • This extension uses other Firebase and Google Cloud Platform services, which have associated charges if you exceed the service’s no-cost tier:
  • Cloud Storage
  • Cloud Functions (Node.js 18+ runtime. See FAQs)
  • If you enable events Eventarc fees apply.

To install an extension, your project must be on the Blaze (pay as you go) plan

  • You will be charged a small amount (typically around $0.01/month) for the Firebase resources required by this extension (even if it is not used).
  • This extension uses other Firebase and Google Cloud Platform services, which have associated charges if you exceed the service’s no-cost tier:
    • Cloud Functions (Node.js 18+ runtime. See FAQs)

Usage of this extension also requires you to have a Pangea account. You are responsible for any associated costs with your usage of Pangea.