Add-Ons

Our add-ons flexibly extend the functionality of bucketAV. bucketAV customers are allowed to use our add-ons at no additional charge. AWS infrastructure costs do apply.

The following add-ons are available:

Reporting

This add-on collects metadata about scanned files and generates a report out of it. The report is delivered into your email inbox daily, weekly, or monthly.

Requires bucketAV version >= 1.7.0. To update to the latest version, follow our Update Guide.

The email contains:

  • Statistics about scanned files: Number of files scanned, % of clean files, % of infected files, and % of unscannable files.
  • Top 10 infections/viruses.
  • CSV reports: all files, infected & unscannable files.
  • Operational alarms: If bucketAV needs your attention.

Install Add-On

  1. Set the Stack name to bucketav-reporting.
  2. Set the BucketAVStackName parameter to the stack name of bucketAV (if you followed our docs, the name is bucketav, or s3-virusscan for older installations).
  3. Set the ReportReceiver1 parameter to your email address.
  4. By default, the ReportingFrequency is set to weekly. Change that if needed.
  5. Select I acknowledge that AWS CloudFormation might create IAM resources.
  6. Click on the Create stack button to save.
  7. You will receive an email (subject: AWS Notification - Subscription Confirmation) with a confirmation link that you have to visit.

Architecture

The following AWS services are used:

  • SNS Subscription to connect to the Findings Topic.
  • Kinesis Firehose Delivery Stream to store the messages from SNS on S3.
  • Athena to generate CSV files.
  • S3 Bucket to store the data and reports.
  • StepFunction State Machine to orchestrate report generation.
  • Lambda Function to send out the report email.
  • EventBridge Cron Rule to trigger the report daily/weekly/monthly.
  • SNS Topic & Subscription to send out report emails.
  • CloudWatch Alarms to monitor the used AWS services.

Scan bucket at regular intervals

This add-on enqueues all files in a bucket for scanning at regular intervals—the EC2 instances of bucketAV scan the files.

Install Add-On

  1. Set the Stack name to bucketav-scheduled-bucket-scan.
  2. Set the BucketAVStackName parameter to the stack name of bucketAV (if you followed our docs, the name is bucketav, or s3-virusscan for older installations).
  3. Set the BucketName parameter to the name of the S3 bucket that you want to scan.
  4. Set the ScheduleExpression parameter to a valid expression . E.g., rate(1 day), rate(7 days), or rate(1 hour).
  5. Select I acknowledge that AWS CloudFormation might create IAM resources.
  6. Click on the Create stack button to save.

To get insights into running and completed runs, visit the Step Functions Management Console . Click on the state machine (if you followed our docs, the name is bucketav-scheduled-bucket-scan. You will see a list of Executions, the most recent execution is at the top and represents the latest bucket scan. If the status equals Succeeded, the bucket scan is complete. If the status equals Running, the bucket scan is running.

Architecture

The following AWS services are used:

  • StepFunction State Machine to orchestrate the S3 bucket scan.
  • Lambda Function to fetch the list of files from the S3 bucket and push them to the Scan Queue.
  • EventBridge Cron Rule to trigger the bucket scan at regular intervals.
  • CloudWatch Alarms to monitor the used AWS services.

Quarantine infected files

This add-on moves infected files into a quarantine bucket for further investigation.

The DeleteInfectedFiles parameter of the bucketAV stack must be set to false (defaults to true). Learn how to configure bucketAV.

Install Add-On

  1. Set the Stack name to bucketav-quarantine.
  2. Set the BucketAVStackName parameter to the stack name of bucketAV (if you followed our docs, the name is bucketav, or s3-virusscan for older installations).
  3. Set the QuarantineBucketName parameter to an existing S3 bucket where quarantined files are stored.
  4. Select I acknowledge that AWS CloudFormation might create IAM resources.
  5. Click on the Create stack button to save.

Architecture

The following AWS services are used:

  • SNS Subscription to connect to the Findings Topic.
  • Lambda Function to move the infected files into the quarantine S3 bucket.
  • CloudWatch Alarms to monitor the used AWS services.

Move clean files

This add-on moves clean files into a target bucket. With this add-on, you can ensure that files are scanned before users can download them.

The ReportCleanFiles parameter of the bucketAV stack must be set to true (defaults to true). Learn how to configure bucketAV.

move-clean

Install Add-On

  1. Set the Stack name to bucketav-move-clean.
  2. Set the BucketAVStackName parameter to the stack name of bucketAV (if you followed our docs, the name is bucketav, or s3-virusscan for older installations).
  3. Set the TargetBucketName parameter to an existing S3 bucket where clean files are stored.
  4. Select I acknowledge that AWS CloudFormation might create IAM resources.
  5. Click on the Create stack button to save.

Architecture

The following AWS services are used:

  • SNS Subscription to connect to the Findings Topic.
  • Lambda Function to move the clean files into the target S3 bucket.
  • CloudWatch Alarms to monitor the used AWS services.

Alarm if infected files are found

This add-on is deprecated. Use the reporting add-on instead!

This add-on creates a CloudWatch Alarm to notify you via email if infected files are found in the past N seconds.

Install Add-On

  1. Set the Stack name to bucketav-alarm.
  2. Set the BucketAVStackName parameter to the stack name of bucketAV (if you followed our docs, the name is bucketav, or s3-virusscan for older installations).
  3. Set the Email parameter to your email address.
  4. Click on the Create stack button to save.
  5. You will receive an email (subject: AWS Notification - Subscription Confirmation) with a confirmation link that you have to visit.

Architecture

The following AWS services are used:

  • CloudWatch Alarms to monitor if infected files are found.
  • SNS Topic & Subscription to send out emails.

Need more help?

Write us, and we'll get back to you as soon as we can.

Send us an email