Skip to main content

Anti-Malware / Antivirus

Overview

The Anti-Malware module provides automated security scanning for all documents in your FormKiQ system using the ClamAV antivirus engine. This module automatically protects your document management system from trojans, viruses, malware, and other malicious threats.

Key Features

  • Automatic scanning of all new documents
  • Automated document status tracking
  • Scan results tagged on documents

How It Works

  • Using FormKiQ's Document Events, each newly-created document is automatically added to a ClamAV Scanning SQS queue.

  • An AWS Lambda function for ClamAV virus scanning pulls each document from the SQS queue and scans it for trojans, viruses, malware, and other malicious threats.

  • The results from the scan are:

    • Added as S3 Tags to the document (CLAMAV_SCAN_STATUS, CLAMAV_SCAN_TIMESTAMP)
    • Tags are added to Document in DynamoDB (CLAMAV_SCAN_STATUS, CLAMAV_SCAN_TIMESTAMP)

Processing Documents Based on Scan Status

Once antivirus or malware scanning is enabled, each document will include scan metadata in its attributes, such as:

{
  "CLAMAV_SCAN_STATUS": "CLEAN",
  "CLAMAV_SCAN_TIMESTAMP": "2025-10-08T15:30:22Z"
}

Using Document Actions

If you want to automatically process documents based on their antivirus scan results, you can use the Document Actions feature.

To do this:

  • Create a Document Action with the ANTIVIRUS action type

    • This ensures the document action will only trigger after a document has completed its antivirus scan.

  • Add a secondary action with the EVENTBRIDGE action type.

    • This allows you to publish a custom event to Amazon EventBridge whenever a scan completes, which can then trigger downstream processing (e.g., routing infected files, notifying admins, or moving clean documents for further classification).

See Document Actions and https://docs.formkiq.com/docs/features/documents#amazon-eventbridge[Amazon EventBridge]

Use Cases

Compliance Requirements

  • Meets organizational compliance goals requiring antivirus scanning of all documents
  • Provides automated scanning without additional effort

External Document Processing

  • Secures documents received from external sources
  • Protects documents processed through:
    • FormKiQ API's public endpoints
    • Optional FormKiQ Add-On Modules (e.g., Document Email Processing)
  • Safeguards both stored and exported documents