Here is what we do to keep your data safe
Real Time Virusscan for Amazon S3
When uploading a new file to a bucket, S3 sends a scan task to a queue. One of the virtual machines running bucketAV picks up the scan task. The EC2 instance downloads the file from S3 and calls the ClamAV® antivirus engine to scan for trojans, viruses, and malware.
Afterward, the scanner sends a report with the scan result to a topic which forwards the message to an email address, Slack channel, Microsoft Teams team, or any HTTPS endpoint. On top of that, the scanner adds a tag to the scanned file and optionally quarantines or deletes infected files.
Scheduled Antivirus Scan
On top of real-time scanning, bucketAV optionally scans your S3 buckets regularly, such as daily, weekly, or monthly.
Virus signature databases are constantly updated to include protection against the latest threats. Only if you scan your files from time to time, you know that all files are checked against the newest threat database.
ClamAV® antivirus engine
bucketAV – Antivirus for Amazon S3 uses the open-source antivirus engine for detecting trojans, viruses, and malware.
ClamAV® is known for being the open-source standard for mail gateway scanning solutions. The virus definition database is continuously updated to protect you from emerging threats.
Multiple AWS Accounts
Are you making use of multiple AWS accounts to isolate different workloads? Good news! bucketAV supports scanning buckets from multiple AWS accounts.
However, we recommend running bucketAV in the same account as your S3 buckets to keep the configuration overhead to a minimum and keep the isolation boundaries in effect.
Multiple S3 Buckets
Connect one or multiple buckets to bucketAV – Antivirus for Amazon S3. We provide detailed instructions on how to configure the necessary S3 event notifications.
Our dashboard provides you full visibility into the scanning activity. Get an overview of the scan results as well as the health of the scan queue. We also provide a detailed log of all scan results separated from system logs. Last but not least, you get real-time insights into the hardware utilization of your scan fleet.
Security Hub integration
AWS Security Hub collects and displays security and compliance-related information. bucketAV – Antivirus for Amazon S3 integrates with AWS Security Hub. Infected files show up as security findings. Your SecOps team investigates the findings using the Security Hub workflow.
SSM OpsCenter integration
AWS Systems Manager OpsCenter provides a central location where operations engineers and IT professionals can view and investigate infected files. OpsCenter comes with a workflow engine to ensure that no finding is missed.
Slack and Microsoft Teams integration
bucketAV – Antivirus for Amazon S3 integrates with marbot - a chatbot for AWS Monitoring. Whenever an infected file is found, you can notify your team in Slack or Microsoft Teams.
AWS is the largest cloud platform in the world. bucketAV provides a cloud-native integration point. All scan results are published to Amazon SNS. If you are interested in the scan results, you can subscribe to the SNS topic and react to any file scan in real-time.
Some of our customers subscribe to the SNS topic via an AWS Lambda function to update their databases with the scan result. Other clients forward findings to a fleet of EC2 instances to move files into buckets based on a complex routing logic.