Features
Here is what we do to keep your data safe
Real-time virus scan for Amazon S3 and Cloudflare R2
When uploading a new file to a bucket, a scan job is added to the Scan Queue. One of the virtual machines running bucketAV picks up the scan job. The EC2 instance downloads the file from S3 and calls the ClamAV® or Sophos® antivirus engine to scan for trojans, viruses, and malware.
Afterward, the scanner sends a report with the scan result to a topic, which forwards the message to an email address, Slack channel, Microsoft Teams team, or any HTTPS endpoint. Moreover, the scanner adds a tag to the scanned file and optionally quarantines or deletes infected files.
Scheduled S3 bucket and R2 bucket scan
On top of real-time scanning, bucketAV optionally scans your S3 bucket and R2 buckets regularly, such as daily, weekly, or monthly.
Virus signature databases are constantly updated to include protection against the latest threats. You know that all files are checked against the newest threat database if you scan your files repeatedly.
On-demand antivirus scan
Run an on-demand scan to ensure a secure baseline of all S3 buckets and R2 buckets after installing bucketAV.
Moreover, scan individual files against the latest virus signatures database at any time by submitting scan jobs manually or by integrating bucketAV into your applications using Amazon SQS & SNS or our HTTPS API.
On-access file scan
Scan Amazon S3 files before downloading for maximum protection against the latest threats.
The scan is transparent to the developer and the user. You connect to Amazon S3 as before.
Reporting
bucketAV provides a daily, weekly, or monthly report via email. The report includes statistics about scanned files as well as insights into the findings.
CSV files with raw data for further analysis are part of the report and can be inspected manually in Microsoft Excel.
Additionally, bucketAV provides a real-time dashboard showing the latest scan results and operational metrics.
ClamAV® or Sophos® antivirus engine
bucketAV is available in two editions: powered by ClamAV® or Sophos®.
ClamAV® is an open-source antivirus engine to detect trojans, viruses, and malware known for being the open-source standard for mail gateway scanning solutions. The virus definition database is continuously updated to protect you from emerging threats.
Sophos® is a trusted cybersecurity provider. bucketAV licenses and uses the commercial antivirus engine to detect threats like trojans, viruses, and malware. Of course, bucketAV continuously updates the thread database maintained by Sophos®.
Multiple AWS accounts
Are you making use of multiple AWS accounts to isolate different workloads? Good news! bucketAV supports scanning buckets from multiple AWS accounts.
However, we recommend running bucketAV in the same account as your S3 buckets to minimize the configuration overhead and keep the isolation boundaries in effect.
Multiple buckets
Connect one or multiple buckets to bucketAV. Our dashboard shows all your protected and unprotected buckets.
Automated mitigation
bucketAV quarantines, deletes, moves, and tags files based on the scan result. Moreover, you can subscribe to notifications based on scan results.
You can configure automated rules to fit your needs. For example, you can quarantine infected files or move clean files into a secure S3 bucket.
Real-time dashboard
The real-time dashboard provides you with visibility into the scanning activity. Get an overview of the scan results as well as the health of the scan queue. bucketAV also provides a detailed log of all scan results and system logs. Finally, the dashboard provides insights into the hardware utilization of the scanning fleet.
Security Hub integration
AWS Security Hub collects and displays security and compliance-related information. bucketAV integrates with AWS Security Hub. Infected files show up as security findings. Your SecOps team investigates the findings using the Security Hub workflow.
SSM OpsCenter integration
AWS Systems Manager OpsCenter provides a central location where operations engineers and IT professionals can view and investigate infected files. OpsCenter comes with a workflow engine to ensure that every finding is noticed.
HTTPS API
Submit scan jobs to bucketAV via HTTPS and integrate scan results into your application.
The HTTPS API relies on the same technology that is used to protect your buckets.
Slack and Microsoft Teams integration
bucketAV integrates with marbot - a chatbot for AWS Monitoring. You can notify your team in Slack or Microsoft Teams whenever an infected file is found.
Custom integration
AWS is the largest cloud platform in the world. bucketAV provides a cloud-native integration point. All scan results are published on Amazon SNS. If you are interested in the scan results, subscribe to the SNS topic and react to any file scan in real-time.
Some customers subscribe to the SNS topic via an AWS Lambda function to update their databases with the scan results. Other clients forward findings to a fleet of EC2 instances to move files into buckets based on a complex routing logic.
Available via