Update Guide
We regularly release new bucketAV versions to add features, improve performance, or patch vulnerabilities (see our release notes). The latest versions are:
- bucketAV powered by ClamAV®: v2.26.0
- bucketAV powered by Sophos®: v2.18.0
bucketAV supports updates without downtime. You don’t need to be afraid of updating bucketAV, even while files are being scanned.
Quick Update
Requires bucketAV for Amazon S3 powered by ClamAV® version >= 2.15.0, bucketAV for Amazon S3 powered by Sophos® version >= 2.5.0, or any version of bucketAV for Cloudflare R2. If you are using an older version, perform a manual update instead.
- Visit the AWS CloudWatch Management Console.
- Navigate to Dashboards.
- Select the dashboard starting with the name `bucketav` followed by the name of the AWS region (for example, `bucketav-eu-west-1`).
- Find the Update tile. Click the Update button. If there is no Update tile in your dashboard, perform a manual update.
- You are redirected to AWS CloudFormation. Click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources, and click on Update stack.
- While the update runs, the stack status is UPDATE_IN_PROGRESS. Reload the table from time to time and …
- … wait until the CloudFormation stack status switches to UPDATE_COMPLETE.
You are done!
Manual Update
Before you update bucketAV to the latest version, you need to find out the current version, engine, and fulfillment option you are using.
- Visit the AWS CloudFormation Console
- Ensure that you are in the correct region.
- Navigate to Stacks.
- Click on the bucketAV stack (if you followed the docs, the name is `bucketav`).
- Click on the Outputs tab.
- The output `Engine` shows `clamav` or `sophos`. If the output `Engine` is missing, you are running `clamav`.
- The output `Version` shows the current version of bucketAV.
- The output `FulfillmentOption` shows the fulfillment option.
Afterwards, pick the Amazon S3 URL of the matching CloudFormation template from the following table.
Engine | Fulfillment Option | Amazon S3 URL |
---|---|---|
ClamAV | dedicated-public-vpc | https://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/39d58953-9c3f-4b5d-a00c-3df2aa282f32/d416d51f716e49c78a7abf086e4b4d38.template |
ClamAV | dedicated-private-vpc | https://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/39d58953-9c3f-4b5d-a00c-3df2aa282f32/81b1e6a053214bd7bce4e661bc9f1fec.template |
ClamAV | shared-vpc | https://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/39d58953-9c3f-4b5d-a00c-3df2aa282f32/ec182ed7d626436ea797ac3d2761abed.template |
Sophos | dedicated-public-vpc | https://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/2b307b6c-8135-4f39-a086-880f7f3ed25e/997c54c039a443b3860662ab1afd782d.template |
Sophos | dedicated-private-vpc | https://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/2b307b6c-8135-4f39-a086-880f7f3ed25e/5b3ad37c009f48ee807356e3fbb2cf2e.template |
Sophos | shared-vpc | https://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/2b307b6c-8135-4f39-a086-880f7f3ed25e/419ca767a82b4bacb1766601f3d7fdde.template |
In case the current version is `1.x`, follow the Migration Steps first!
When upgrading a bucketAV installation with engine ClamAV, fulfillment option `dedicated-private-vpc`, and version <= 2.13.0, expect an increase of VPC costs by about $68/month, as we replaced the NAT Gateway with 7 VPC Endpoints to enhance network security.
Next, you are ready to update bucketAV.
- Select the bucketAV stack (e.g., `bucketav`) and press the Update button.
- Select Replace current template and paste the Amazon S3 URL that you picked above.
- Click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources, and click on Update stack.
- While the update runs, the stack status is UPDATE_IN_PROGRESS. Reload the table from time to time and …
- … wait until the CloudFormation stack status switches to UPDATE_COMPLETE.
You are done!
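The checks in the manual update steps above (default engine when the `Engine` output is missing, template lookup, the 1.x migration gate, and the VPC cost note) can be scripted before you touch the stack. This is an added example, not bucketAV's own code; `plan_update`, `parse_version`, and the sample outputs are hypothetical names and constructed data, and the version output is assumed to be plain dotted numbers.

```python
# Added example: plan a bucketAV manual update from CloudFormation stack outputs.
BASE = "https://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/"
CLAMAV = BASE + "39d58953-9c3f-4b5d-a00c-3df2aa282f32/"
SOPHOS = BASE + "2b307b6c-8135-4f39-a086-880f7f3ed25e/"

# (engine, fulfillment option) -> template URL, copied from the table on this page.
TEMPLATES = {
    ("clamav", "dedicated-public-vpc"): CLAMAV + "d416d51f716e49c78a7abf086e4b4d38.template",
    ("clamav", "dedicated-private-vpc"): CLAMAV + "81b1e6a053214bd7bce4e661bc9f1fec.template",
    ("clamav", "shared-vpc"): CLAMAV + "ec182ed7d626436ea797ac3d2761abed.template",
    ("sophos", "dedicated-public-vpc"): SOPHOS + "997c54c039a443b3860662ab1afd782d.template",
    ("sophos", "dedicated-private-vpc"): SOPHOS + "5b3ad37c009f48ee807356e3fbb2cf2e.template",
    ("sophos", "shared-vpc"): SOPHOS + "419ca767a82b4bacb1766601f3d7fdde.template",
}
# Minimum versions for Quick Update on Amazon S3, from this page.
QUICK_UPDATE_MIN = {"clamav": (2, 15, 0), "sophos": (2, 5, 0)}


def parse_version(text):
    """Turn '2.13.0' or 'v2.13.0' into (2, 13, 0). Assumes plain numeric parts."""
    return tuple(int(part) for part in text.strip().lstrip("v").split("."))


def plan_update(outputs):
    """outputs: the Stacks[0].Outputs list from `aws cloudformation describe-stacks`."""
    values = {o["OutputKey"]: o["OutputValue"] for o in outputs}
    engine = values.get("Engine", "clamav").lower()  # missing Engine output means clamav
    option = values["FulfillmentOption"]
    version = parse_version(values["Version"])
    if (engine, option) not in TEMPLATES:
        raise ValueError(f"no template listed for {engine}/{option}")
    return {
        "template_url": TEMPLATES[(engine, option)],
        "migration_steps_first": version[0] == 1,  # 1.x: follow the Migration Steps first
        "quick_update_eligible": version >= QUICK_UPDATE_MIN[engine],
        # ClamAV private VPC at <= 2.13.0: NAT Gateway is replaced by 7 VPC Endpoints.
        "expect_vpc_cost_increase": (engine, option) == ("clamav", "dedicated-private-vpc")
        and version <= (2, 13, 0),
    }


# Constructed sample outputs; Engine is deliberately absent.
SAMPLE_OUTPUTS = [
    {"OutputKey": "Version", "OutputValue": "2.13.0"},
    {"OutputKey": "FulfillmentOption", "OutputValue": "dedicated-private-vpc"},
]

if __name__ == "__main__":
    print(plan_update(SAMPLE_OUTPUTS))
```

Looking the URL up in a fixed table, rather than pasting it by hand, also rejects any engine and fulfillment option pair that this page does not list.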
Migration Steps
v1 to v2
- The product was renamed from VirusScan for Amazon S3 to bucketAV - Antivirus for Amazon S3.
- EC2 instances now run on spot capacity. Set the CapacityStrategy configuration parameter to `OnDemandOnly` to launch on-demand instances as before (more expensive).
- The configuration parameter `VolumeSize` was removed. No action is needed.
- The SNS message subject changed from `s3-virusscan s3://${BUCKET_NAME}` to `bucketAV Scan Result for S3 Bucket ${BUCKET_NAME}`. No topic subscriber should rely on the subject.
- The configuration parameter `TagKey` now defaults to `bucketav` (previously `s3-virusscan`) for new installations. You can change the default if needed.
- If the configuration parameter `OpsCenterIntegration` is set to true, the source in Ops Items changes from `s3-virusscan` to `bucketAV`.
- Add-Ons
  - The configuration parameter `S3VirusScanStackName` changed to `BucketAVStackName`.
v1.3 to 1.4
If you use bucketAV in a Multi-Account setup, please allowlist all accounts by adding them (comma-separated) to the AWSAccountRestriction configuration parameter.