Making bucketAV's Malware Detection Even Safer: Signature Validation Before Distribution
At bucketAV, reliability and trust are at the core of everything we do. Our customers depend on us to detect threats accurately, every time. That’s why we’ve introduced a new safeguard in how we manage the antivirus signature databases used by bucketAV.
How bucketAV Uses Signatures
bucketAV protects Amazon S3 and Cloudflare R2 buckets using two powerful scanning engines — ClamAV and the Sophos engine. Both engines rely on regularly updated signature databases to detect the latest threats.
To ensure fast and reliable updates for all customers, we run regional mirrors of these signature databases in each AWS region. Until recently, when an official ClamAV or Sophos mirror released an update, we automatically synced it to our mirrors for distribution.
The New Step: Validating Signatures Before Sync
While rare, it is possible for a signature update from an official source to contain issues — for example, signatures that mistakenly detect clean files as malware, or that fail to detect known threats.
To further protect our customers from such scenarios, we’ve added a signature validation process before any update is rolled out. Here’s how it works:
- Download the new signature database from the official ClamAV or Sophos mirrors.
- Test it by scanning a curated set of files:
  - Known-infected files (which should always be detected).
  - Known-clean files (which should never be flagged).
- Only approve the signature database if it passes these tests.
- Sync it to our regional mirrors for distribution to all customers.
If the new database fails validation, we halt the rollout and continue serving the previous, proven version until the issue is resolved by a human.
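One way to implement this gate for the ClamAV engine, shown as an added example that is not bucketAV's own code. The function names, the `Report` class and the two corpus directories are assumptions; the `clamscan` options and exit codes are those of the real CLI. The gate fails closed: a scanner error or an empty corpus blocks approval just like a missed detection or a false positive.

```python
import subprocess
from dataclasses import dataclass, field
from pathlib import Path

# clamscan exit codes: 0 = no virus found, 1 = virus found, 2 = error.
CLEAN, INFECTED, ERROR = 0, 1, 2

def clamscan(db_dir, path):
    """Scan one file using only the candidate database directory."""
    try:
        proc = subprocess.run(
            ["clamscan", f"--database={db_dir}", "--no-summary", str(path)],
            capture_output=True, text=True)
    except OSError:
        return ERROR  # scanner missing or not executable: treat as a failure
    return proc.returncode

@dataclass
class Report:  # hypothetical result type for this example
    missed: list = field(default_factory=list)           # infected samples not detected
    false_positives: list = field(default_factory=list)  # clean samples flagged
    errors: list = field(default_factory=list)           # scanner failed on these files
    empty_corpus: bool = False

    @property
    def approved(self):
        # Any miss, false positive, scanner error or empty corpus blocks the sync.
        return not (self.missed or self.false_positives
                    or self.errors or self.empty_corpus)

def validate(db_dir, infected_dir, clean_dir, scan=clamscan):
    """Check a candidate signature database against both curated corpora."""
    report = Report()
    for corpus, expected, bucket in (
            (infected_dir, INFECTED, report.missed),
            (clean_dir, CLEAN, report.false_positives)):
        files = sorted(p for p in Path(corpus).rglob("*") if p.is_file())
        if not files:
            report.empty_corpus = True  # a vacuous pass proves nothing
        for path in files:
            code = scan(db_dir, path)
            if code not in (CLEAN, INFECTED):
                report.errors.append(path.name)
            elif code != expected:
                bucket.append(path.name)
    return report
```

A caller would sync the candidate database to the mirrors only when `validate(...).approved` is true, and otherwise keep serving the previous version.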
What This Means for You
This change adds an extra layer of assurance that every signature update you receive is both safe and effective. It reduces the risk of false positives disrupting your operations and ensures you continue receiving accurate, reliable malware detection.
This improvement has already been rolled out to all customers in all AWS regions — no action is needed on your part.
At bucketAV, we’re committed to constantly improving our protection, not just by detecting new threats, but by safeguarding the integrity of the tools we use to detect them.
Published on August 8, 2025 | Written by Michael