By default, bucketAV tags files with the scan result. Set the TagFiles configuration parameter to
false to disable the action. The tag key is configurable via the TagKey configuration parameter.
If you configure bucketAV to delete infected files, we will not tag the files as infected before we delete them to minimize S3 API calls.
Once the file is tagged, you can use the tag for different purposes:
- Information only
- Use it in Amazon S3 bucket policies to allow/deny actions based on the scan result
- Programmatically query the S3 GetObjectTagging API to get the bucketav tag with the scan result from the Amazon S3 API.
Remember that AWS charges a monthly fee for S3 Object Tagging ($0.01 per 10,000 tags per month in us-east-1).