The Healthcare Blocks platform performs a nightly scan of every virtual machine using the following tools:
- Linux Malware Detect
- Rootkit Hunter
Malware signatures are updated daily before scans are run.
The process is centrally managed in order to provide the Healthcare Blocks SecOps team with enhanced auditing and troubleshooting capabilities. Any detected malware or scan errors are escalated to an internal Slack channel monitored by Healthcare Blocks for further investigation. If necessary, the Healthcare Blocks SecOps team will contact the customer during its analysis.
Malware scans are resource intensive because of the number of file operations they perform. Healthcare Blocks has configured scans to consume no more than 10% of a virtual machine's available CPU. However, smaller or busier virtual machines might experience larger CPU spikes due to resource contention.
As of September 1, 2019, customers can retrieve scan logs from their S3 audit logs bucket in a subfolder named malware_scans. Please create a help desk ticket for assistance.