• Eliminates the ECS task completely
• Result of a lot of research into the Lambda service
• Scanner/mover is Python:
○ But using AWS CLI... (because it's easier to pipe!)
○ AWS CLI is now a platform-provided Lambda layer
○ ClamAV daemon is a Lambda extension
○ First scan has a 20 second overhead (clamd warmup)
• Decrypter is a Python Lambda using python-gnupg:
○ Again, uses the AWS CLI layer (easier piping)
○ Uses some “clever” build techniques to add missing GPG functionality into the Lambda runtime
• Refresh Lambda updates the ClamAV DB if it is more than a day old - but of course only when the SF is invoked!
○ ClamAV handles its own synchronization so there should be no race condition worries!
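A sketch of the scanner's CLI-to-clamd pipe described above, added here as an illustration and not taken from the project's code. The function names are hypothetical, and it assumes `aws` and `clamdscan` are on the PATH with clamd already running; the point to note is that a failed download must not be reported as a clean scan.

```python
import subprocess

CLEAN, INFECTED, ERROR = "clean", "infected", "error"

def s3_scan_commands(bucket, key):
    """argv pair: AWS CLI streams the object to stdout, clamdscan reads stdin."""
    return (["aws", "s3", "cp", f"s3://{bucket}/{key}", "-"],
            ["clamdscan", "--no-summary", "-"])

def scan_stream(producer_cmd, scanner_cmd, timeout=300):
    """Pipe producer stdout into scanner stdin and return (verdict, detail)."""
    producer = subprocess.Popen(producer_cmd, stdout=subprocess.PIPE)
    scanner = subprocess.Popen(scanner_cmd, stdin=producer.stdout,
                               stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    producer.stdout.close()  # producer gets SIGPIPE if the scanner exits early
    try:
        output, _ = scanner.communicate(timeout=timeout)
        producer_rc = producer.wait(timeout=timeout)
    except subprocess.TimeoutExpired:
        for proc in (producer, scanner):
            proc.kill()
            proc.wait()
        return ERROR, "timeout"
    detail = output.decode(errors="replace").strip()
    # clamdscan exit codes: 0 = no virus found, 1 = virus found, 2 = error
    if scanner.returncode == 1:
        return INFECTED, detail
    if scanner.returncode != 0:
        return ERROR, detail
    if producer_rc != 0:
        # The scanner only saw an empty or truncated stream: not a clean result.
        return ERROR, f"download failed (exit {producer_rc})"
    return CLEAN, detail

if __name__ == "__main__":
    # Constructed stand-ins so the demo runs without AWS or clamd.
    ok = ["sh", "-c", "printf 'sample bytes'"]
    failed = ["sh", "-c", "exit 3"]
    passes = ["sh", "-c", "cat >/dev/null"]
    print(scan_stream(ok, passes))
    print(scan_stream(failed, passes))
```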