Signatures database

The signatures database is the heart of bucketAV. It contains patterns or “signatures” of known malware. The scan engine uses these signatures to identify and detect malware. Without a comprehensive and up-to-date signatures database, a malware scanning tool may be ineffective in detecting and protecting against new and emerging threats.

bucketAV updates the signature database during startup and then approximately every hour (bucketAV powered by Sophos) or every 2 hours (bucketAV powered by ClamAV).

We also host a mirror of the ClamAV® or Sophos® signature database that we sync approximately every hour to guarantee priority access to the signatures database for our customers.

You can add additional databases via the AdditionalDatabaseUrls configuration parameter, e.g., to deal with false positives and false negatives, or to meet the following requirements:

More strict Microsoft Office macros matching

Only works with bucketAV powered by ClamAV®

Requires bucketAV powered by ClamAV® version >= 2.4.0. To update to the latest version, follow the Update Guide.

To mark any Microsoft Office document with a macro as infected, set the AdditionalDatabaseUrls configuration parameter to https://bucketav-clamav-customdb-REGION.s3.REGION.amazonaws.com/macro.yara and replace REGION with your AWS Region (e.g., us-east-1; get the value from the top right in the AWS Management Console).

Less strict EICAR matching

Only works with bucketAV powered by ClamAV®

The EICAR Standard Anti-Virus Test File is strictly defined. Some customers and penetration testers also want files that are merely similar to an EICAR Standard Anti-Virus Test File to be flagged. For example, some penetration testers embed the EICAR string into a PDF and expect the file to still be detected, even though it no longer matches the formal definition of an EICAR Standard Anti-Virus Test File. You can configure bucketAV to detect files similar to an EICAR Standard Anti-Virus Test File.

Requires bucketAV powered by ClamAV® version >= 2.4.0. To update to the latest version, follow the Update Guide.

Set the AdditionalDatabaseUrls configuration parameter to https://bucketav-clamav-customdb-REGION.s3.REGION.amazonaws.com/extendedeicar.hdb and replace REGION with your AWS Region (e.g., us-east-1; get the value from the top right in the AWS Management Console).
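
To see why a PDF with the EICAR string embedded falls outside the formal definition, the following added example (not bucketAV's or ClamAV's matching logic) classifies file contents as strict, similar or none. It applies the published EICAR rule (the 68-byte string at the start of the file, optionally followed by space, tab, LF, CR or Ctrl-Z, at most 128 bytes in total) and assumes that "similar" means the string occurs anywhere in the file; the function name and the sample files are constructed for illustration.

```python
# Added illustration; not bucketAV's or ClamAV's matching logic.
# The 68-byte EICAR string, split in two so this source file is not itself flagged.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Trailing bytes the EICAR definition allows: space, tab, LF, CR, Ctrl-Z.
ALLOWED_TRAILING = frozenset(b" \t\n\r\x1a")
MAX_STRICT_LENGTH = 128


def classify(data: bytes) -> str:
    """Return 'strict', 'similar' or 'none' for a file's contents."""
    if data.startswith(EICAR) and len(data) <= MAX_STRICT_LENGTH:
        if all(b in ALLOWED_TRAILING for b in data[len(EICAR):]):
            return "strict"
    # Assumption for this example: "similar" means the string occurs anywhere.
    if EICAR in data:
        return "similar"
    return "none"


# Constructed sample inputs.
SAMPLES = {
    "eicar.com": EICAR,
    "eicar-crlf.txt": EICAR + b"\r\n",
    "eicar-padded.txt": EICAR + b" " * 61,  # 129 bytes, one over the limit
    "eicar-suffix.txt": EICAR + b"hello",
    "embedded.pdf": b"%PDF-1.4\n1 0 obj\n(" + EICAR + b")\nendobj\n%%EOF\n",
    "clean.txt": b"nothing to see here\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:18} {len(data):4d} bytes  {classify(data)}")
```

Files that come back as similar are the ones a scanner following only the formal definition is not required to flag.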
