Here is what we do to keep your data safe

Scheduled S3 bucket scan

On top of real-time scanning, bucketAV optionally scans your S3 buckets regularly, such as daily, weekly, or monthly.

Virus signature databases are constantly updated to include protection against the latest threats. You know that all files are checked against the newest threat database if you scan your files repeatedly.

On-demand antivirus scan

Run an on-demand scan to ensure a secure baseline of all S3 buckets after installing bucketAV.

On top of that, scan individual files against the latest virus signatures database at any time by submitting scan jobs manually or by integrating bucketAV into your applications using Amazon SQS & SNS or our HTTPS API.

On-access file scan

Scan files before downloading for maximum protection against the latest threats.

The scan is transparent to the developer and user. You connect to Amazon S3 as before.

Reporting

bucketAV provides a daily, weekly, or monthly report via email. The report includes statistics about scanned files as well as insights into findings.

CSV files with raw data for further analysis are part of the report and can be inspected manually in Microsoft Excel.

Additionally, bucketAV provides a real-time dashboard showing the latest scan results and operational metrics.

ClamAV® or Sophos® antivirus engine

bucketAV is available in two editions: powered by ClamAV® or Sophos®.

ClamAV® is an open-source antivirus engine to detect trojans, viruses, and malware known for being the open-source standard for mail gateway scanning solutions. The virus definition database is continuously updated to protect you from emerging threats.

Sophos® is a trusted cybersecurity provider. bucketAV licenses and uses the commercial antivirus engine to detect threats like trojans, viruses, and malware. Of course, bucketAV continuously updates the thread database maintained by Sophos®.

Multiple AWS accounts

Are you making use of multiple AWS accounts to isolate different workloads? Good news! bucketAV supports scanning buckets from multiple AWS accounts.

However, we recommend running bucketAV in the same account as your S3 buckets to minimize the configuration overhead and keep the isolation boundaries in effect.

Multiple S3 buckets

Connect one or multiple buckets to bucketAV – Antivirus for Amazon S3. We provide detailed instructions on how to configure the necessary S3 event notifications.

Automated mitigation

bucketAV quarantines, deletes, moves, and tags files based on the scan result. On top of that, you can subscribe to notifications based on scan results.

You can configure automated rules to fit your needs. For example, you can quarantine infected files or move clean files into a secure S3 bucket.

Real-time dashboard

The real-time dashboard provides you visibility into the scanning activity. Get an overview of the scan results as well as the health of the scan queue. bucketAV also provides a detailed log of all scan results and system logs. Last but not least, the dashboard provides insights into the hardware utilization of the scanning fleet.

Security Hub integration

AWS Security Hub collects and displays security and compliance-related information. bucketAV – Antivirus for Amazon S3 integrates with AWS Security Hub. Infected files show up as security findings. Your SecOps team investigates the findings using the Security Hub workflow.

SSM OpsCenter integration

AWS Systems Manager OpsCenter provides a central location where operations engineers and IT professionals can view and investigate infected files. OpsCenter comes with a workflow engine to ensure that every finding is noticed.

HTTPS API

Submit scan jobs to bucketAV via HTTPS and integrate scan results into your application.

The HTTPS API uses the same engine and provides the same information as the native S3 integration.

Slack and Microsoft Teams integration

bucketAV – Antivirus for Amazon S3 integrates with marbot - a chatbot for AWS Monitoring. You can notify your team in Slack or Microsoft Teams whenever an infected file is found.

Custom integration

AWS is the largest cloud platform in the world. bucketAV provides a cloud-native integration point. All scan results are published to Amazon SNS. If you are interested in the scan results, subscribe to the SNS topic and react to any file scan in real-time.

Some customers subscribe to the SNS topic via an AWS Lambda function to update their databases with the scan result. Other clients forward findings to a fleet of EC2 instances to move files into buckets based on a complex routing logic.