Skip to main content

Malware Scanner channel

Beta

This is a beta feature, which means we’re still developing it. Some functionality might change.

Use the Malware Scanner channel to easily scan files stored in Quickbase. By using this channel in a pipeline, you can apply custom business logic based on whether a file is clean or infected—for example, restricting downloads of infected files.

This channel accepts a Quickbase file attachment field or file URL and scans the file using Amazon GuardDuty. Based on the results, it returns one of the following statuses:

  • NO_THREATS_FOUND—No potential threats were detected that are associated with the scanned file.
  • THREATS_FOUND—A potential threat was detected that is associated with the scanned file.
  • UNSUPPORTED—The scan was not run. Possible reasons include password-protected files, reaching the Malware Protection for S3 quota, or unsupported Amazon S3 features.
  • FAILED—The malware scan was not completed on this file because of an internal error.

Based on your results, your pipeline can then make the appropriate changes to your app to allow or restrict access to the file attachment.

Learn more about Amazon GuardDuty.

Important

Quickbase is not responsible and may not be held liable for malware uploaded or used by customers, including if it is not discovered by the Malware Scanner channel.

In this article

How to connect

  1. On the My pipelines page, select Create Pipeline.
  2. Select the Malware Scanner channel from your list of channels.

Note: You do not need to set up a special connection to your channel.

Steps

This channel has only one step, Scan an attachment, which allows you to scan for malware. Use the “File to scan” field to select which file attachment field or file URL within Quickbase should be scanned.

Type Step Description
Action Scan an attachment This action allows the user to scan for malware in a file attachment or file URL within Quickbase.

Limits

  • The file size limit is 100 MB.
  • To protect system performance, each realm is limited to 100 file scans per hour—this helps prevent overload from bulk scanning of rarely used files.
  • To avoid unnecessary scans, each file version is only scanned once per hour—even if the same file is used repeatedly in a pipeline.
  • The pipeline will fail with a terminal error if you are scanning the same Quickbase table, record, or file attachment field more frequently than once per 10 seconds.
  • We use GuardDuty by Amazon to scan the files, which means all limitations of GuardDuty apply. Learn more about specific GuardDuty quotas.

Examples

Example 1: Automate scanning on incoming files and delete if a threat is detected

  1. Create a pipeline with the trigger On New Event. That way we can scan new files (that are added to records), but also scan newer versions of files.
  2. Add the Scan an Attachment step.
  3. If the attachment is potentially harmful, delete it and email the uploader. To do so, add a Condition that specifies whether threats are found in the attachment. If the condition is met, add these steps:
    1. Delete Record
    2. Send an Email

malware-ex1.png

Example YAML:

# New pipeline
#

# Account slugs:
# - quickbase[<REDACTED>]]: Realm Default Account <None>
# - microsoft-outlook[<REDACTED>]: <REDACTED>
# <None>
---
- META:
    name: New pipeline
    enabled: true
- TRIGGER quickbase[<REDACTED>] record on_new_event -> a:
    inputs-meta:
      export_fields: '"File" <6>'
      on_add_record: 'true'
      on_delete_record: 'false'
      on_modify_record: 'true'
      table: '"File Manager: Files" <bu5ka6hzd>'
      trigger_on_all_fields: 'true'
- ACTION qb-malware-scanner scan create -> b:
    inputs:
      file: '{{a.file.browser_url}}'
- IF:
  - AND:
    - b<>scan_result equals THREATS_FOUND
  - THEN:
    - a<>ACTION quickbase record delete -> c: {}
    - ACTION microsoft-outlook[<REDACTED>] email send_email -> d:
      inputs:
        bcc_addresses: security_team@somecomapany.com
        body: 'Dear, {{a.record_owner.first_name}}{{a.record_owner.last_name}}


          Please be aware that the file {{a.file.file_name}}you uploaded was flagged as a security threat and was delete.

          The file was deleted and this email is also sent to the security team.


          Thanks,

          Quickbase Malware Scanner.'
        subject: You file was deleted.
        to_addresses: '{{a.record_owner.email}}'
  - ELSE: []
...

Example 2: Scan files on demand

In this example, we'll use the built-in functionality of tables and pipelines to create an on-demand file scan button in a table.

  1. Create a Formula Rich Text field in the table that contains the files.
  2. Create a pipeline with a first step, When Incoming Request.

malware-ex2.png

Example YAML:

# New pipeline
#

# Account slugs:
# - quickbase[<REDACTED>]: Realm Default Account <None>
---
- META:
    name: New pipeline
    enabled: true
- TRIGGER webhooks request on_incoming -> a:
    inputs-meta:
      authentication_schema: no-auth
      method_type: ANY BELOW
- ACTION qb-malware-scanner scan create -> b:
    inputs:
      file: '{{a.url_params.file_url}}'
- LOOKUP quickbase[<REDACTED>] record look_up -> c:
    inputs-meta:
      table: '"File Storage App: Demos" <bu44f9g5a>'
      export_fields: '"Malware Status" <7>'
    inputs:
      id: '{{a.url_params.record_id}}'
- c<>ACTION quickbase record update -> d:
    inputs:
      malware_status: '{% if b.scan_result == "THREATS_FOUND" %}

        Malware Found

        {% else %}

        OK

        {% endif %}'
...

3. Gather the hook URL.

4. Set the following formula in the Formula Rich Text field you created.

"<a class='Vibrant' style='padding:5px 10px; background:#0073e6; color:white; text-decoration:none; border-radius:5px;' target='_blank' href='<HOOK_URL>?file_url=" & URLEncode(URLRoot() & "up/" & Dbid() & "/a/r" & [Record ID#] & "/e6") & "&record_id=" & [Record ID#] & "'>Send File</a>"

Result:

malware-result.png

Related articles

Top