Malware Scanning during Bulk Import

When Bulk Import to add data to Flywheel, files will be scanned for malware and viruses. If malware is detected or if the malware scan cannot be performed, the affected files will rejected from import and deleted from the Flywheel system (including temporary storages).

Disclaimer

Although Flywheel performs a best-effort malware scan to prevent the spread of malware contained in files being added to Flywheel, Flywheel cannot guarantee perfect detection of all malware in all files.

Applicability

Version 19.4+

Malware scanning during Bulk Import was added in Flywheel Core version 19.4 and is not available in earlier versions.

Malware scanning is only performed when adding data to Flywheel via Bulk Import (including after uploading data from your local machine).

Malware scanning is NOT performed when adding data to Flywheel via other upload methods, such as: Ad hoc uploads, DICOM Connectors, or legacy Ingest.

Limitations & Considerations

File Size

The malware scanner cannot process files larger than 1 GB. For this reason, files larger than 1 GB are allowed to be imported into Flywheel via Bulk Import without having a successful malware scan result.

System load

Malware scanning is compute intensive, especially when acting on compressed files.

While Bulk Import automatically scales horizontally to perform many malware scans concurrently, the time required to scan each individual file is dependent upon the file size and the resources (CPU and memory) allocated for each individual scanner.

If you expect to be importing a large number of large (or highly-compressed) files, contact Flywheel Support to ensure there are enough resources allocated for the malware scanner.

Behavior

The result of the malware scan is recorded in the import audit report for each and every file.

Malware scan results include the following states:

success: The malware scan completed without error and malware was not detected.
failed: Either malware was detected or an error occurred during the scan.
- found: If malware was detected, the name of the malware will be listed in the scan result reason field.
- error: If an error occurred, the scan result reason will contain the error message.
skipped: The malware scan was (intentionally) not performed. Possible reasons for this state include:
- size: The file was larger than 1 GB, or
- disabled: The External Storage used as the import source was configured to have malware scanning disabled.

Only files with a successful (clean) scan result may be imported into Flywheel. In all other cases (fail, error, malicious, skipped, etc.), files are rejected and not allowed to be imported into Flywheel.

Note that if the malware scan takes longer than 90 seconds, the scan will timeout and be recorded as failed.

Files larger than 1 GB

Due to technical limitations, malware scanning cannot be performed for files larger than 1 GB. For this reason, only files larger than 1 GB are allowed to be imported into Flywheel via Bulk Import without having a successful malware scan result.

If malware is detected, the import audit report may include additional information about the detection.

The individual scan results for each file are aggregated into summary statistics available on the import job details dialog.

Opting-out of Malware Scanning

Flywheel recognizes that customers who may be importing data from a pre-vetted data lake may prefer to skip the malware scanning step to increase import speed.

An option is available in the External Storage configuration for disabling malware scanning. Malware scanning will not be performed when importing data from an External Storage that has been configured with malware scanning disabled.

Flywheel does not offer the ability to opt out of malware scanning when importing data that has been uploaded a user's local machine; only when importing data from an external storage.

Enforcing Malware Scanning

Although there are many ways to add files to Flywheel (see the article on Getting Data In), malware scanning is only performed on files uploaded via Bulk Import.

When using Bulk Import, malware scanning is performed regardless of the data source^* or interface used, including:

Importing data via the Web App
- Whether from "My Computer" or an External Storage device
Importing data via the new (BETA) CLI
- Whether from "My Computer" or an External Storage device

^* Except when an administrator has opted-out of malware scanning for a particular External Storage device.

When using any other upload method, malware scanning is not performed. This includes:

If malware scanning is required to meet security requirements, then it may be necessary prevent users from being able to use the upload methods which do not perform malware scans.

To achieve this, create a custom role with the following permissions set:

Files Create/Upload: DENY
Files Single File Upload/Create: DENY
Files Bulk File Upload: ALLOW
Data Transfer Manage Imports: ALLOW

Users with this combination of permissions are only allowed to use Bulk Import which includes malware scanning. This prevents users from being able to use any of the upload methods where malware scanning is not performed.

Warning

Files uploaded via the Flywheel SDK (e.g., via Gears or other custom applications) are not scanned for malware. When uploading files via custom applications or Gears, beware to only upload files from trusted sources.