Update Guide
We regularly release new bucketAV versions to add features, improve performance, or patch vulnerabilities (see our release notes). The latest versions are:
- bucketAV powered by ClamAV®:
v2.27.0
- bucketAV powered by Sophos®:
v2.19.0
bucketAV supports updates without downtime. You don’t need to be afraid of updating bucketAV, even when files are scanned.
Quick Update
Requires bucketAV for Amazon S3 powered by ClamAV® version >= 2.15.0, bucketAV for Amazon S3 powered by Sophos® version >= 2.5.0, or any version of bucketAV for Cloudflare R2. If you are using an older version, perform a manual update instead.
- Visit the AWS CloudWatch Management Console.
- Navigate to Dashboards.
- Select the dashboard starting with the name
bucketav
followed by the name of the AWS region—for example,bucketav-eu-west-1
. - Find the Update tile. Click the Update button. If there is no Update tile in your dashboard, perform a manual update.
- You are redirected to AWS CloudFormation. Click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page, enable I acknowledge that AWS
CloudFormation might create IAM resources, and click on Update stack.
- While the update runs, the stack status is UPDATE_IN_PROGRES. Reload the table from time to time and …
- … wait until the CloudFormation stack status switches to UPDATE_COMPLETE.
You are done!
Manual Update
Before you update bucketAV to the latest version, you need to find out the current version, engine, and fulfillment option you are using.
- Visit the AWS CloudFormation Console
- Ensure that you are in the correct region.
- Navigate to Stacks.
- Click on the bucketAV stack (if you followed the docs, the name is
bucketav
). - Click on the Outputs tab.
- The output
Engine
showsclamav
orsophos
. In case, the outputEngine
is missing, you are runningclamav
. - The output
Version
shows the current version of bucketAV. - The output
FulfillmentOption
shows the fulfillment option.
Afterwards, pick the Amazon S3 URL of the matching CloudFormation template from the following table.
Engine | Fulfillment Option | Amazon S3 URL |
---|---|---|
ClamAV | dedicated-public-vpc | https://awsmp-cft-992382380361-1708727387563.s3.us-east-1.amazonaws.com/620f582d-6941-4885-94c4-f07f7c3a2644/620f582d-6941-4885-94c4-f07f7c3a2644/39d58953-9c3f-4b5d-a00c-3df2aa282f32/ea46b391-de4a-4785-9ce6-91988123cd43/20ac90eb-2158-4294-b3c8-e66d5ebf9eb3.template
Copy |
ClamAV | dedicated-private-vpc | https://awsmp-cft-992382380361-1708727387563.s3.us-east-1.amazonaws.com/6f3c8fca-6b39-4f24-838c-d6e7538c9bfe/6f3c8fca-6b39-4f24-838c-d6e7538c9bfe/39d58953-9c3f-4b5d-a00c-3df2aa282f32/400d1bf1-bda2-419f-ba19-a8351648c016/2bcd4b57-2f4d-4fe7-8c44-ed0fda6b3c90.template
Copy |
ClamAV | shared-vpc | https://awsmp-cft-992382380361-1708727387563.s3.us-east-1.amazonaws.com/7a8c1652-aed7-45e3-8bd4-8c4a94d2f20c/7a8c1652-aed7-45e3-8bd4-8c4a94d2f20c/39d58953-9c3f-4b5d-a00c-3df2aa282f32/2efba0b7-1c6d-42f1-875c-b9ba9a3a342f/1eb0c81d-8846-429f-8f46-8e2b0a6fb903.template
Copy |
Sophos | dedicated-public-vpc | https://awsmp-cft-992382380361-1708727387563.s3.us-east-1.amazonaws.com/5f586dc5-3e29-4450-8a60-8b3793ae7dbf/5f586dc5-3e29-4450-8a60-8b3793ae7dbf/2b307b6c-8135-4f39-a086-880f7f3ed25e/da6dce69-b234-44dc-a090-5d50f7dc6e92/15549755-72c8-48b7-b2d3-32dabc261167.template
Copy |
Sophos | dedicated-private-vpc | https://awsmp-cft-992382380361-1708727387563.s3.us-east-1.amazonaws.com/4ed2be10-111c-4ffd-983a-b0ba827cd768/4ed2be10-111c-4ffd-983a-b0ba827cd768/2b307b6c-8135-4f39-a086-880f7f3ed25e/a4c7e820-a6ec-4553-be98-632f04143b51/ef0028d4-ff0e-45ae-b255-b074ece29e98.template
Copy |
Sophos | shared-vpc | https://awsmp-cft-992382380361-1708727387563.s3.us-east-1.amazonaws.com/7b3bdcff-286e-46c7-a440-5896c1c8ddf6/7b3bdcff-286e-46c7-a440-5896c1c8ddf6/2b307b6c-8135-4f39-a086-880f7f3ed25e/16be9aed-b05d-424f-ac1b-91ccd1559958/46f80b8d-0d07-4fd2-816a-525ba78f1cfb.template
Copy |
In case the current version is
1.x
, follow the Migration Steps first!
When upgrading to bucketAV with engine ClamAV, fullfillment option
dedicated-private-vpc
, and version <=2.13.0 expect an increase of VPC costs by about $68/month, as we replaced the NAT Gateway with 7 VPC Endpoints to enhance network security.
Next, you are ready to update bucketAV.
- Select the bucketAV stack (e.g.,
bucketav
) and press the Update button. - Select Replace current template and paste the Amazon S3 URL that you picked above.
- Click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page, enable I acknowledge that AWS
CloudFormation might create IAM resources, and click on Update stack.
- While the update runs, the stack status is UPDATE_IN_PROGRES. Reload the table from time to time and …
- … wait until the CloudFormation stack status switches to UPDATE_COMPLETE.
You are done!
Migration Steps
v1 to v2
- The product was renamed from VirusScan for Amazon S3 to bucketAV - Antivirus for Amazon S3.
- EC2 instances now run on spot capacity. Set the CapacityStrategy configuration parameter to
OnDemandOnly
to launch on-demand instances as before (more expensive). - The parameter configuration
VolumeSize
was removed. No action is needed. - The SNS message subject changed from
s3-virusscan s3://${BUCKET_NAME}
tobucketAV Scan Result for S3 Bucket ${BUCKET_NAME}
. No topic subscriber should rely on the subject. - The configuration parameter
TagKey
now defaults tobucketav
(previouslys3-virusscan
) for new installations. You can change the default if needed. - If the configuration parameter
OpsCenterIntegration
is set to true, the source in Ops Items changes froms3-virusscan
tobucketAV
. - Add-Ons
- The configuration parameter
S3VirusScanStackName
changed toBucketAVStackName
.
- The configuration parameter
v1.3 to 1.4
If you use bucketAV in a Multi-Account setup, please allowlist all accounts by adding them (comma separated) to the AWSAccountRestriction configuration parameter.