Signatures database
The signatures database is the heart of bucketAV. It contains patterns or “signatures” of known malware. The scan engine uses these signatures to identify and detect malware. Without a comprehensive and up-to-date signatures database, a malware scanning tool may be ineffective in detecting and protecting against new and emerging threats.
That’s why we update the signatures database on the first EC2 instance launch and approximately every 2 hours.
We also host a mirror of the ClamAV signatures database that we sync approximately every hour to guarantee priority access to the signatures database for our customers.
You can add additional databases via the AdditionalDatabaseUrls configuration parameter, e.g., to deal with false positives and false negatives or to meet the following requirements:
More strict Microsoft Office macros matching
Requires bucketAV version >= 2.4.0. To update to the latest version, follow the Update Guide.
To mark any Microsoft Office document with a macro as infected, set the AdditionalDatabaseUrls configuration parameter to https://bucketav-clamav-customdb-REGION.s3.REGION.amazonaws.com/macro.yara and replace REGION with your AWS Region (e.g., us-east-1; get the value from the top right in the AWS Management Console).
Less strict EICAR matching
The EICAR Standard Anti-Virus Test File is strictly defined. Some customers and penetration testers also prefer to flag files that are only similar to an EICAR Standard Anti-Virus Test File. For example, some penetration testers embed the EICAR string into a PDF and expect the file to still be detected, even though it no longer matches the formal definition of an EICAR Standard Anti-Virus Test File. You can configure bucketAV to detect files similar to an EICAR Standard Anti-Virus Test File.
Requires bucketAV version >= 2.4.0. To update to the latest version, follow the Update Guide.
Set the AdditionalDatabaseUrls configuration parameter to https://bucketav-clamav-customdb-REGION.s3.REGION.amazonaws.com/extendedeicar.hdb and replace REGION with your AWS Region (e.g., us-east-1; get the value from the top right in the AWS Management Console).
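The difference between a strict EICAR test file and a file that merely contains the EICAR string, as an added example that is not bucketAV or ClamAV code and does not describe how extendedeicar.hdb matches. It applies the published EICAR definition (the 68-byte string at offset 0, optionally followed by whitespace, at most 128 bytes in total); the names classify, classify_all and SAMPLES are hypothetical and the sample contents are constructed.

```python
# Added illustration: strict EICAR definition vs. files that only contain the string.
# Not bucketAV's or ClamAV's matching logic.

# The 68-byte test string, assembled from two parts so the literal sequence
# does not appear contiguously in this source file.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

ALLOWED_TRAILING = b" \t\n\r\x1a"  # space, tab, LF, CR, Ctrl-Z
MAX_LEN = 128                      # maximum total file length in bytes


def classify(data: bytes) -> str:
    """Return 'strict', 'similar' or 'none' for a file's content."""
    if data.startswith(EICAR) and len(data) <= MAX_LEN:
        trailing = data[len(EICAR):]
        if all(byte in ALLOWED_TRAILING for byte in trailing):
            return "strict"   # matches the formal test-file definition
    if EICAR in data:
        return "similar"      # string present, but the file breaks the definition
    return "none"


# Constructed sample contents (not real files).
SAMPLES = {
    "exact test file": EICAR,
    "with trailing CRLF": EICAR + b"\r\n",
    "padded past 128 bytes": EICAR + b" " * 61,
    "followed by other data": EICAR + b"hello",
    "embedded in PDF": (
        b"%PDF-1.4\n1 0 obj\n<< /Length 68 >>\nstream\n"
        + EICAR
        + b"\nendstream\nendobj\n%%EOF\n"
    ),
    "clean PDF": b"%PDF-1.4\n%%EOF\n",
}


def classify_all() -> dict:
    """Classify every constructed sample."""
    return {name: classify(content) for name, content in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_all().items():
        print(f"{name:24} {verdict}")
```

Files in the "similar" class are the ones a scanner that follows only the formal definition is not required to flag, which is why the PDF case in the paragraph above needs the additional database.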