Engines
bucketAV supports the ClamAV® and Sophos® engines to detect malware. We package the engines in three variants:
| ClamAV® | Sophos® | Multiple engines | |
|---|---|---|---|
| Engine description | Open-source antivirus engine | Commercial antivirus engine | Combines the ClamAV® and Sophos® engines |
| Malware detection approach | signature-based | signature-based and generic malware detection based on Sophos Behavioural Genotype Detection | signature-based and generic malware detection based on Sophos Behavioural Genotype Detection |
| Performance | Medium | High | Medium |
| Maximum file size | 2 GB | 5 TB | 5 TB1 |
| False-positive/negative management | yes | no | yes2 |
| Custom YARA rules | yes | no | yes2 |
Multiple engines
bucketAV powered by multiple engines, scans all files with the ClamAV® and Sophos® engines on a dedicated scan fleet. A file is clean if both engines detect it as clean. A file is infected or unscannable if one of the engines flags it as infected or unscannable.
Limitations
- When using S3 buckets without versioning enabled, uploading the same file multiple times in quick succession may cause bucketAV to reuse scan results from an earlier upload instead of the scan result of the new file. To prevent this issue, either enable versioning on your S3 bucket or avoid uploading the same file multiple times in a short timeframe.
- Scan jobs do not support downloads, only S3 objects.
Please contact us if any of the limitations are a showstopper for you.