Here is what we do to keep your data safe

Real-time virus scan for Amazon S3

When a new file is uploaded to a bucket, S3 sends a scan job to a queue. One of the virtual machines running bucketAV picks up the scan job. The EC2 instance downloads the file from S3 and calls the ClamAV® or Sophos® antivirus engine to scan for trojans, viruses, and malware.

Afterward, the scanner sends a report with the scan result to a topic which forwards the message to an email address, Slack channel, Microsoft Teams team, or any HTTPS endpoint. On top of that, the scanner adds a tag to the scanned file and optionally quarantines or deletes infected files.

Scheduled S3 bucket scan

On top of real-time scanning, bucketAV optionally scans your S3 buckets regularly, such as daily, weekly, or monthly.

Virus signature databases are constantly updated to include protection against the latest threats. Scanning your files repeatedly ensures that all files are checked against the newest threat database.

On-demand antivirus scan

Run an on-demand scan to ensure a secure baseline of all S3 buckets after installing bucketAV.

On top of that, scan individual files against the latest virus signatures database at any time by submitting scan jobs manually or by integrating bucketAV into your applications using Amazon SQS & SNS or our HTTPS API.

On-access file scan

Scan files before downloading for maximum protection against the latest threats.

The scan is transparent to the developer and user. You connect to Amazon S3 as before.


bucketAV provides a daily, weekly, or monthly report via email. The report includes statistics about scanned files as well as insights into findings.

CSV files with raw data for further analysis are part of the report and can be inspected manually in Microsoft Excel.

Additionally, bucketAV provides a real-time dashboard showing the latest scan results and operational metrics.

ClamAV® or Sophos® antivirus engine

bucketAV is available in two editions: powered by ClamAV® or Sophos®.

ClamAV® is an open-source antivirus engine that detects trojans, viruses, and malware. It is known for being the open-source standard for mail gateway scanning solutions. The virus definition database is continuously updated to protect you from emerging threats.

Sophos® is a trusted cybersecurity provider. bucketAV licenses and uses the commercial antivirus engine to detect threats like trojans, viruses, and malware. Of course, bucketAV continuously updates the threat database maintained by Sophos®.

Multiple AWS accounts

Are you making use of multiple AWS accounts to isolate different workloads? Good news! bucketAV supports scanning buckets from multiple AWS accounts.

However, we recommend running bucketAV in the same account as your S3 buckets to minimize the configuration overhead and keep the isolation boundaries in effect.

Multiple S3 buckets

Connect one or multiple buckets to bucketAV – Antivirus for Amazon S3. We provide detailed instructions on how to configure the necessary S3 event notifications.

Automated mitigation

bucketAV quarantines, deletes, moves, and tags files based on the scan result. On top of that, you can subscribe to notifications based on scan results.

You can configure automated rules to fit your needs. For example, you can quarantine infected files or move clean files into a secure S3 bucket.

Real-time dashboard

The real-time dashboard provides you visibility into the scanning activity. Get an overview of the scan results as well as the health of the scan queue. bucketAV also provides a detailed log of all scan results and system logs. Last but not least, the dashboard provides insights into the hardware utilization of the scanning fleet.

Security Hub integration

AWS Security Hub collects and displays security and compliance-related information. bucketAV – Antivirus for Amazon S3 integrates with AWS Security Hub. Infected files show up as security findings. Your SecOps team investigates the findings using the Security Hub workflow.

SSM OpsCenter integration

AWS Systems Manager OpsCenter provides a central location where operations engineers and IT professionals can view and investigate infected files. OpsCenter comes with a workflow engine to ensure that every finding is noticed.


Submit scan jobs to bucketAV via HTTPS and integrate scan results into your application.

The HTTPS API uses the same engine and provides the same information as the native S3 integration.

Slack and Microsoft Teams integration

bucketAV – Antivirus for Amazon S3 integrates with marbot - a chatbot for AWS Monitoring. You can notify your team in Slack or Microsoft Teams whenever an infected file is found.

Custom integration

AWS is the largest cloud platform in the world. bucketAV provides a cloud-native integration point. All scan results are published to Amazon SNS. If you are interested in the scan results, subscribe to the SNS topic and react to any file scan in real-time.

Some customers subscribe to the SNS topic via an AWS Lambda function to update their databases with the scan result. Other clients forward findings to a fleet of EC2 instances to move files into buckets based on a complex routing logic.
