Antimalware feature on Web Apps (App Service)
Cloud Services and Virtual Machines have an antimalware feature to protect themselves from viruses.
However, Web Apps only protects their platform, and there is no customer-facing antimalware service now.
If we develop an application which receives files from anonymous users with an upload form, we can't detect and get rid of the viruses.
We strongly request the antimalware feature like that Cloud Services and Virtual Machines do.
Happy to share that we are developing a feature to address this concern. More details to come in 2021. Follow the App Service team blog for updates on this, as well as deep-dive content and news.
We will update this ticket as information becomes available.
Please hurry. Quickly. ..
Regarding this announcement:
It's one step closer I guess, but will not support the scenario described here as I see it, if you are looking to scan uploaded files in incoming traffic and accept/reject them closer to real time. Maybe someone from the App Service team can comment on if there is are further malware scanning capabilities planned for App Services?
Sai Manepalli commented
Hi @Azure App Service Team, Any update on Antimalware feature on Web Apps (App Service).
Thanks in advance.
titaniumtvapp for pc commented
If we apply Microsoft Antimalware extension to our Web App, can we access any logs that show when updates have been applied to the Antimalware database? How can we ensure that the Antimalware definitions are up to date?
Why was this feature dropped when going from Cloud Services to App Service? We are facing the same challenge as many previous commenters. Customers using our platforms require us to scan files that are uploaded. Our goal is to utilize Azure's PaaS services but without having any alternative workaround that does not include managing our own VM's, we won't be able to achieve that.
Any news regarding this? Extension in the App Service or similar?
Salam Dahbour commented
We need this. We currently have to build VMs so we can ClamAV. That's the only thing we use the VM for. It's a waste, adds complexity, adds a ton of security requirements to our infrastructure, and requires maintenance. We'd really appreciate a service that's similar to ClamAV - write the bits to a stream and receive a reply about whether there's malware or not, but no VM.
Richard Beesley commented
Another option is to use the new Trend service but this is overkill for smaller solutions. It would be really helpful to have a service built around the MS anti-malware functionality that can be used from pure PaaS services such as Web Apps, Functions etc
Every single customer asks for this on their standard infrastructure questionnaires. Even if we don't allow file uploads, they still want to know. If we do allow file upload, then we can't use PaaS right now :(
Would it be possible to enable Windows Defender on the underlying VMs? E.g. by enabling an extension in the App Service?
Topper Kain commented
We have a standard requirement to scan all incoming files with some form of AV. Currently, we have create additional infrastructure outside our app service to send the file to AV, which increases our cost and compliance burden. Having an AV option integral to the app service will allow users in our situation to keep the bytes within the app service, reducing our footprint and complexity.
As mentioned below, we are using the AMSI Antimalware Services Interface to execute our AV scans.
Ian Chivers commented
Microsoft should consider opening up the AMSI AnitMalware Services Interface now that they've upgraded the App Service machines to Windows Server 2016
Richard B. commented
You may want to take a look at this github project for something which may assist for your scenario...
Hi, please confirm are you stating, Azure app service(web app) does not contain antimalware protection just like iaas VM's?