Stu Eggerton


Malware scanner for secure upload of Blobs to Azure Storage

Problem statement

Users can upload files to Azure blob storage for others to download.

We don't want the files downloaded to contain Malware.


Diagram of storage, web app, vm

  1. User uploads a file to a web app
  2. Web app stores upload in container (named quarantine)
  3. Web app adds message to queue to request scan in Azure Storage Queue
  4. VM reads message and download file
  5. VM scans for malware
  6. A malware check is completed and either
  1. Users of the application request download to web app
  2. web app returns file from ScannedOK container

Note: VM uses Managed Identity and KeyVault Policy to connect to KeyVault and request queue connection string and SAS tokens enabling read/write from containers

Source code on GitHub