Keeping viruses out of the shared file system during file transfer

Terry Beavis | Wednesday, August 5th, 2020


  • The existing file transfer solution does not process and perform Anti-Virus validation on a self-isolated environment per file.
  • So any file opened potentially can contain a virus and infect the whole server and other files within the server.
  • The current file transfer solution requires the provision of servers utilising a large amount of resources (CPU, RAM).


  • Transport and process files in a sandbox, so operations like Anti-Virus check happen in isolation so that if viruses are found the sandbox will be destroyed without affecting the rest of the system.
  • The sandbox has to be created on the fly and take the minimum resources needed.


We implemented part of the file transfer solution taking advantage of Kubernetes capabilities. Kubernetes gives the isolation desired and consumes the minimum amount of resources on demand. This means we can process each file in a dedicated pod and destroy it once all processing finished (including Anti Virus).

It gives a distributed auditability solution to know in real time the status of the individual files in a central dashboard.

The solution also provides an alerting mechanism; sending notifications when something happens or failure is detected.


Integrate the solution in a way that file transfers are not going to starve the rest of the cluster (monitoring and queuing).


  • Capacity to process each file in a secure sandbox.
  • On demand resource consumption (no more resources wasted in idle mode).
  • Full visibility about the status of the file transfers.

Filed under: Case Study, Systems Integration