This image is used in the Analytical Platform Ingestion service. It is deployed as an AWS Lambda function within the analytical-platform-ingestion
account and is called as part of the AWS Transfer Family Server workflows.
The image comes with two key features - Syncing and Scanning.
- `definition_upload` pulls the latest ClamAV definitions, archives them, and pushes them to Amazon S3.
- `definition_download` downloads the archived ClamAV definitions from Amazon S3 and unpacks them.
- `scan` pulls the ingested object from the landing bucket and scans it with ClamAV. If the object is clean, it is moved to the processed bucket for upstream sync; if it is infected, it is moved to the quarantined bucket.
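The routing decision behind the `scan` mode described above can be sketched as follows. This is an added example, not this project's code: the function names, the bucket names, and the policy of leaving an object in the landing bucket when the scan itself fails are assumptions. The point it shows is that `clamscan` has three outcomes (exit 0 clean, 1 infected, 2 error) and that an error must never be routed as clean.

```python
import subprocess
from enum import Enum


class Verdict(Enum):
    CLEAN = "clean"
    INFECTED = "infected"
    ERROR = "error"


def verdict_from_exit_code(code: int) -> Verdict:
    """Map clamscan's exit status: 0 = no virus found, 1 = virus found, 2 = error."""
    if code == 0:
        return Verdict.CLEAN
    if code == 1:
        return Verdict.INFECTED
    # Anything else (bad database, unreadable file, killed process) is NOT clean.
    return Verdict.ERROR


def run_clamscan(path: str, database_dir: str) -> int:
    """Scan one file with the clamscan CLI and return its exit status."""
    proc = subprocess.run(
        ["clamscan", "--no-summary", f"--database={database_dir}", path],
        capture_output=True, text=True, check=False,
    )
    return proc.returncode


def plan_move(key: str, exit_code: int, buckets: dict) -> dict:
    """Decide where an object in the landing bucket goes after scanning."""
    verdict = verdict_from_exit_code(exit_code)
    if verdict is Verdict.ERROR:
        # Assumed policy: fail closed, leave the object in landing for a retry.
        raise RuntimeError(f"scan of {key!r} failed (clamscan exit {exit_code})")
    target = "processed" if verdict is Verdict.CLEAN else "quarantine"
    return {"key": key, "verdict": verdict.value,
            "source": buckets["landing"], "destination": buckets[target]}


# Constructed bucket names, for illustration only.
BUCKETS = {"landing": "example-landing", "processed": "example-processed",
           "quarantine": "example-quarantine"}

if __name__ == "__main__":
    for code in (0, 1):
        print(plan_move("uploads/report.csv", code, BUCKETS))
```
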
```bash
docker build --platform linux/amd64 --file Dockerfile --tag analytical-platform.service.justice.gov.uk/ingestion-scan:local .
```

```bash
docker run -it --rm \
  --platform linux/amd64 \
  --hostname ingestion-scan \
  --name analytical-platform-ingestion-scan \
  analytical-platform.service.justice.gov.uk/ingestion-scan:local
```
Generally Dependabot does this, but the following command will return the digest:
```bash
docker pull --platform linux/amd64 public.ecr.aws/lambda/python:3.13
docker image inspect --format='{{index .RepoDigests 0}}' public.ecr.aws/lambda/python:3.13
```
To find the latest DNF package versions, you can run the following:

```bash
docker run -it --rm --platform linux/amd64 --entrypoint /bin/bash public.ecr.aws/lambda/python:3.13

# Then, inside the container:
microdnf update
microdnf repoquery ${PACKAGE} # for example clamav, clamav-update or clamd
```
Maintenance of this component is scheduled in this workflow, which generates a maintenance ticket as per this example.