Engines

bucketAV supports the ClamAV® and Sophos® engines to detect malware. We package the engines in three variants:

ClamAV®Sophos®Multiple engines
Engine descriptionOpen-source antivirus engineCommercial antivirus engineCombines the ClamAV® and Sophos® engines
Malware detection approachsignature-basedsignature-based and generic malware detection based on Sophos Behavioural Genotype Detectionsignature-based and generic malware detection based on Sophos Behavioural Genotype Detection
PerformanceMediumHighMedium
Maximum file size2 GB5 TB5 TB1
False-positive/negative managementyesnoyes2
Custom YARA rulesyesnoyes2

Multiple engines

bucketAV powered by multiple engines, scans all files with the ClamAV® and Sophos® engines on a dedicated scan fleet. A file is clean if both engines detect it as clean. A file is infected or unscannable if one of the engines flags it as infected or unscannable.

Limitations

  • When using S3 buckets without versioning enabled, uploading the same file multiple times in quick succession may cause bucketAV to reuse scan results from an earlier upload instead of the scan result of the new file. To prevent this issue, either enable versioning on your S3 bucket or avoid uploading the same file multiple times in a short timeframe.
  • Scan jobs do not support downloads, only S3 objects.

Please contact us if any of the limitations are a showstopper for you.


  1. For files larger than 2 GB, only the scan result of the Sophos® engine is considered. ↩︎

  2. Supported by the ClamAV® engine only. ↩︎ ↩︎

Need more help?

Write us, and we'll get back to you as soon as we can.

Send us an email