Antimalware feature on Web Apps (App Service)
Cloud Services and Virtual Machines have an antimalware feature to protect themselves from viruses.
However, Web Apps only protects their platform, and there is no customer-facing antimalware service now.
If we develop an application which receives files from anonymous users with an upload form, we can't detect and get rid of the viruses.
We strongly request the antimalware feature like that Cloud Services and Virtual Machines do.
Thank you for the feedback! We are happy to share that the anti-virus logs are now in public preview. You can enable these logs from the Diagnostic Settings menu, which will trigger App Service to begin scanning your web apps for viruses and malware.
Duc Lai commented
Without the Antivirus in the Web App platform, I can run dangerous malware in there (e.g.: WannaCry ransomware on Windows environment). It is a must-tool for Azure Web App.
Hey all - I've raised a new that isn't open to interpretation, please send your votes this way.
Ahh, very disappointing. I was hoping to be able to use the AMSI API.
This new feature is delivering something different than what I was expecting.
From the original description, "If we develop an application which receives files from anonymous users with an upload form, we can't detect and get rid of the viruses." - the request is not anti-malware for the integrity of the web apps platform, but for files that may be uploaded through web apps i.e. a streaming anti-malware service that can be used with custom sites hosted in web apps..
If we cannot detect it in real time, we have no choice but to continue using Cloud Services....
Please do not close this request.
Please hurry. Quickly. ..
Regarding this announcement:
It's one step closer I guess, but will not support the scenario described here as I see it, if you are looking to scan uploaded files in incoming traffic and accept/reject them closer to real time. Maybe someone from the App Service team can comment on if there is are further malware scanning capabilities planned for App Services?
Sai Manepalli commented
Hi @Azure App Service Team, Any update on Antimalware feature on Web Apps (App Service).
Thanks in advance.
titaniumtvapp for pc commented
If we apply Microsoft Antimalware extension to our Web App, can we access any logs that show when updates have been applied to the Antimalware database? How can we ensure that the Antimalware definitions are up to date?
Why was this feature dropped when going from Cloud Services to App Service? We are facing the same challenge as many previous commenters. Customers using our platforms require us to scan files that are uploaded. Our goal is to utilize Azure's PaaS services but without having any alternative workaround that does not include managing our own VM's, we won't be able to achieve that.
Any news regarding this? Extension in the App Service or similar?
Salam Dahbour commented
We need this. We currently have to build VMs so we can ClamAV. That's the only thing we use the VM for. It's a waste, adds complexity, adds a ton of security requirements to our infrastructure, and requires maintenance. We'd really appreciate a service that's similar to ClamAV - write the bits to a stream and receive a reply about whether there's malware or not, but no VM.
Richard Beesley commented
Another option is to use the new Trend service but this is overkill for smaller solutions. It would be really helpful to have a service built around the MS anti-malware functionality that can be used from pure PaaS services such as Web Apps, Functions etc
Every single customer asks for this on their standard infrastructure questionnaires. Even if we don't allow file uploads, they still want to know. If we do allow file upload, then we can't use PaaS right now :(
Would it be possible to enable Windows Defender on the underlying VMs? E.g. by enabling an extension in the App Service?
Topper Kain commented
We have a standard requirement to scan all incoming files with some form of AV. Currently, we have create additional infrastructure outside our app service to send the file to AV, which increases our cost and compliance burden. Having an AV option integral to the app service will allow users in our situation to keep the bytes within the app service, reducing our footprint and complexity.
As mentioned below, we are using the AMSI Antimalware Services Interface to execute our AV scans.
Ian Chivers commented
Microsoft should consider opening up the AMSI AnitMalware Services Interface now that they've upgraded the App Service machines to Windows Server 2016
Richard B. commented
You may want to take a look at this github project for something which may assist for your scenario...
Hi, please confirm are you stating, Azure app service(web app) does not contain antimalware protection just like iaas VM's?