Malware Archive section
Configuring the Malware Archive functionality is done by modifying the data storage section (datastore). Refer to the Malware Archive documentation to get an understanding of how this feature works.
The minimum required change to turn on the Malware Archive is to set the datastore.archive.enabled flag to true. This will show the Archive link in the left navbar, activate the Archiver core component and create the archive indices in the database.
Optionally, you can also add a separate entry for the archive in the filestore so your archived files are not mixed with the non-archived files. Having a separate archive filestore will make some operations in the system faster. You can also configure the Archiver behaviour by setting a minimum service selection for all archived submissions. If you try to archive a submission where not all of those services ran, the Archiver will create a derived submission with the added services and, once it is done, archive that new submission instead.
Malware Archive configuration example
...
core:
  archiver:
    # List of services that must be selected for a submission to be archived. (optional)
    # If a service is missing, the archiver will re-submit
    # the file with the added services and archive that
    minimum_required_services: ['Extract', 'Safelist', ...]
...
datastore:
  archive:
    # Are we enabling the Archiving features? (required)
    enabled: true
...
filestore:
  # List of filestores used for the malware archive (optional)
  # The credentials in this URL are placeholders: replace them with your own.
  archive:
    - s3://al_storage_key:Ch@ngeTh!sPa33w0rd@localhost:9000?s3_bucket=al-archive&use_ssl=False
...
Tip
Refer to the "Changing the configuration file" documentation for more details on where and how to change the configuration of the system.
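A pre-deployment check for the settings described above, as an added example that is not part of the Assemblyline code base: it takes the configuration already parsed into a dictionary and reports an archive that is not enabled, a missing or shared archive filestore, the placeholder password from the example, and use_ssl=False. The function names are hypothetical, and it assumes non-archived files are stored under filestore.storage.

```python
from urllib.parse import urlsplit, parse_qs

# Placeholder secret shown in the configuration example on this page.
PLACEHOLDER_PASSWORD = "Ch@ngeTh!sPa33w0rd"


def _location(url):
    """Endpoint and bucket of a filestore URL, without its credentials."""
    p = urlsplit(url)
    bucket = parse_qs(p.query).get("s3_bucket", [""])[0]
    return (p.scheme, p.hostname, p.port, p.path, bucket)


def audit_archive_config(config):
    """Return a list of findings for the Malware Archive settings."""
    findings = []
    archive = config.get("datastore", {}).get("archive", {})
    if archive.get("enabled") is not True:
        findings.append("datastore.archive.enabled is not true")

    filestore = config.get("filestore", {})
    archive_urls = filestore.get("archive") or []
    if not archive_urls:
        findings.append("no filestore.archive entry: archived files are "
                        "mixed with non-archived files")
    # Assumption: non-archived files are stored under filestore.storage.
    main = {_location(u) for u in filestore.get("storage") or []}

    for url in archive_urls:
        p = urlsplit(url)  # the password may itself contain '@'
        where = f"{p.scheme}://{p.hostname or ''}{p.path}"  # no credentials
        if _location(url) in main:
            findings.append(f"{where}: archive shares the main filestore")
        if p.password == PLACEHOLDER_PASSWORD:
            findings.append(f"{where}: placeholder password still in use")
        use_ssl = parse_qs(p.query).get("use_ssl", [""])[0].lower()
        if p.scheme == "s3" and use_ssl == "false":
            findings.append(f"{where}: use_ssl=False, SSL is turned off")
    return findings


# Constructed sample mirroring the configuration example above.
SAMPLE = {
    "datastore": {"archive": {"enabled": True}},
    "filestore": {"archive": [
        "s3://al_storage_key:Ch@ngeTh!sPa33w0rd@localhost:9000"
        "?s3_bucket=al-archive&use_ssl=False"]},
}
```

Findings identify each filestore by scheme and host only, so the report can be logged without leaking the access key or secret.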