Crate scanbridge

Crate scanbridge 

Source
Expand description

§Scanbridge

A unified, pluggable API for malware scanning with circuit breakers, policy enforcement, quarantine support, and compliance-ready audit logging.

§Overview

Scanbridge provides an abstraction layer over multiple malware scanning engines, allowing you to:

  • Submit files for scanning through a consistent API
  • Use multiple scanning backends (ClamAV, VirusTotal, etc.)
  • Handle failures gracefully with circuit breakers
  • Apply policies to determine actions based on scan results
  • Quarantine infected files safely
  • Generate structured audit logs for compliance

§Quick Start

use scanbridge::{ScanManager, ScanManagerConfig, FileInput, ScanContext};
use scanbridge::backends::MockScanner;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Create a scanner
    let scanner = MockScanner::new_clean();
     
    // Create the scan manager
    let manager = ScanManager::builder()
        .add_scanner(scanner)
        .build()?;
     
    // Scan a file
    let input = FileInput::from_bytes(b"file content".to_vec());
    let context = ScanContext::new().with_tenant_id("my-tenant");
    let result = manager.scan(input, context).await?;
     
    if result.is_clean() {
        println!("File is clean!");
    }
     
    Ok(())
}

§Features

  • default - Includes tokio runtime support
  • tokio-runtime - Async support via tokio
  • clamav - ClamAV backend support
  • virustotal - VirusTotal API backend support

§Architecture

The library is organized into several layers:

  • Core: Fundamental types, traits, and error handling
  • Backends: Individual scanner implementations
  • Circuit Breaker: Resilience patterns for failing scanners
  • Manager: Orchestration of scans across multiple engines
  • Policy: Configurable rules for handling scan results
  • Quarantine: Safe storage for infected files
  • Audit: Structured logging for compliance

Re-exports§

pub use crate::core::FileHash;
pub use crate::core::FileHasher;
pub use crate::core::FileInput;
pub use crate::core::FileMetadata;
pub use crate::core::ScanContext;
pub use crate::core::ScanError;
pub use crate::core::ScanOutcome;
pub use crate::core::ScanReport;
pub use crate::core::ScanResult;
pub use crate::core::Scanner;
pub use crate::core::ThreatInfo;
pub use crate::core::ThreatSeverity;
pub use crate::circuit_breaker::CircuitBreaker;
pub use crate::circuit_breaker::CircuitBreakerConfig;
pub use crate::manager::ScanManager;
pub use crate::manager::ScanManagerConfig;
pub use crate::policy::PolicyAction;
pub use crate::policy::PolicyEngine;
pub use crate::policy::PolicyRule;
pub use crate::quarantine::QuarantineRecord;
pub use crate::quarantine::QuarantineStore;

Modules§

audit
Structured audit logging for compliance environments.
backends
Scanning backend implementations.
circuit_breaker
Circuit breaker implementation for scanner resilience.
core
Core types and traits for the scanbridge library.
manager
Scan manager for orchestrating scans across multiple engines.
policy
Policy engine for determining actions based on scan results.
prelude
Prelude module for convenient imports.
quarantine
Quarantine storage for infected files.