Signatures database
The signatures database is the heart of bucketAV. It contains patterns or “signatures” of known malware. The scan engine uses these signatures to identify and detect malware. Without a comprehensive and up-to-date signatures database, a malware scanning tool may be ineffective in detecting and protecting against new and emerging threats.
bucketAV updates the signature database during startup and then approximately every 1 hour (bucketAV powered by Sophos) or every 2 hours (bucketAV powered by ClamAV).
We also host a mirror of the ClamAV® or Sophos® signature database that we sync approximately every hour to guarantee priority access to the signatures database for our customers.
You can add additional databases via the AdditionalDatabaseUrls configuration parameter, e.g., to deal with false positives and false negatives, or to meet the following requirements:
More strict Microsoft Office macros matching
This feature is only available for bucketAV powered by ClamAV®!
Requires bucketAV for Amazon S3 powered by ClamAV® version >= 2.4.0.
To update to the latest version, follow the Update Guide.
To mark any Microsoft Office document with a macro as infected, set the AdditionalDatabaseUrls configuration parameter to https://bucketav-clamav-customdb-REGION.s3.REGION.amazonaws.com/macro.yara and replace REGION with your AWS Region (e.g., us-east-1; get the value from the top right in the AWS Management Console).
Less strict EICAR matching
This feature is only available for bucketAV powered by ClamAV®!
Requires bucketAV for Amazon S3 powered by ClamAV® version >= 2.4.0.
To update to the latest version, follow the Update Guide.
The EICAR Standard Anti-Virus Test File is strictly defined. Some customers and penetration testers also prefer to flag files similar to an EICAR Standard Anti-Virus Test File. For example, some penetration testers embed the EICAR string into a PDF and expect the file to still be detected, even though it no longer matches the formal definition of an EICAR Standard Anti-Virus Test File. You can configure bucketAV to detect files similar to an EICAR Standard Anti-Virus Test File.
Set the AdditionalDatabaseUrls configuration parameter to https://bucketav-clamav-customdb-REGION.s3.REGION.amazonaws.com/extendedeicar.hdb and replace REGION with your AWS Region (e.g., us-east-1; get the value from the top right in the AWS Management Console).
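The difference between a strict EICAR match and a "similar" file, as an added example (not bucketAV or ClamAV code, and not a description of how extendedeicar.hdb matches). It assumes the formal definition published by EICAR: the 68-byte string at the very start of the file, optionally followed by whitespace or Ctrl-Z, with at most 128 bytes in total. The function name and sample inputs are made up for illustration.

```python
# Added illustration: classify bytes against the formal EICAR test-file definition.
# Hypothetical helper; it does not reproduce bucketAV or ClamAV signature matching.

# The 68-byte test string, assembled from parts so this source file is not itself a match.
EICAR = (
    rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
    + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
    + rb"!$H+H*"
)
ALLOWED_TRAILING = b" \t\n\r\x1a"  # space, tab, LF, CR, Ctrl-Z
MAX_LEN = 128                      # upper bound on total file length


def classify(data: bytes) -> str:
    """Return 'strict', 'similar' or 'none' for the given file content."""
    if (
        data.startswith(EICAR)
        and len(data) <= MAX_LEN
        and all(b in ALLOWED_TRAILING for b in data[len(EICAR):])
    ):
        return "strict"    # matches the formal definition
    if EICAR in data:
        return "similar"   # string is present, but the file breaks the definition
    return "none"


# Constructed sample inputs (not real files).
SAMPLES = [
    ("plain test file", EICAR),
    ("with trailing CRLF", EICAR + b"\r\n"),
    ("embedded in PDF-like wrapper", b"%PDF-1.4\n" + EICAR + b"\n%%EOF\n"),
    ("padded past 128 bytes", EICAR + b" " * 61),
    ("unrelated content", b"hello world\n"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(f"{name:32s} -> {classify(data)}")
```

Files classified as "similar" here are the kind a strictly conforming scanner may pass as clean, which is the gap the less strict matching option addresses.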