Update Guide

We are regulary releasing new version of bucketAV to add features, improve performance, or patch vulnerabilities. Here are the latest versions.

  • bucketAV powered by ClamAV®: v2.12.0
  • bucketAV powered by Sophos®: v2.1.0

Are you looking for information on how to get started with bucketAV, read the Setup Guide instead!

bucketAV supports updates without downtime. Do not fear updating bucketAV, even during times when objects are scanned.

Update bucketAV

Before you update bucketAV to the latest version, you need to find out the current version, engine, and fulfillment option (aka delivery method) you are using.

  1. Visit the AWS CloudFormation Console
  2. Ensure that you are in the correct region.
  3. Navigate to Stacks.
  4. Click on the bucketAV stack (if you followed the docs, the name is bucketav).
  5. Click on the Outputs tab.
  6. The output Engine shows clamav or sophos. In case, the output Engine is missing, you are running clamav.
  7. The output Version shows the current version of bucketAV.
  8. The output FulfillmentOption shows the fulfillment option.

Afterwards, pick the Amazon S3 URL of the matching CloudFormation template from the following table.

EngineFulfillment OptionAmazon S3 URL
ClamAVdedicated-public-vpchttps://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/39d58953-9c3f-4b5d-a00c-3df2aa282f32.bd714c91-7bed-4ac6-bb6e-76c2a066cd16.template Copy
ClamAVdedicated-private-vpchttps://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/39d58953-9c3f-4b5d-a00c-3df2aa282f32.45f74807-0604-46cc-ad79-ffdfc6198e57.template Copy
ClamAVshared-vpchttps://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/39d58953-9c3f-4b5d-a00c-3df2aa282f32.783abe9d-e095-4ecd-80f4-aea858110d84.template Copy
Sophosdedicated-public-vpchttps://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/2b307b6c-8135-4f39-a086-880f7f3ed25e/f5958a64ccf24ea38473c2cc069d0307.template Copy
Sophosdedicated-private-vpchttps://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/2b307b6c-8135-4f39-a086-880f7f3ed25e/276db67aef6c4bacb947cd1922d37243.template Copy
Sophosshared-vpchttps://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/2b307b6c-8135-4f39-a086-880f7f3ed25e/6ea5802728724fe1bc9358230d6d7868.template Copy

In case the current version is 1.x, follow the Migration Steps first!

Next, you are ready to update bucketAV.

  1. Select the bucketAV stack (e.g., bucketav) and press the Update button. Step 1
  2. Select Replace current template and paste the Amazon S3 URL that you picked above. Step 2
  3. Click on Next.
  4. Scroll to the bottom of the page and click on Next. Step 3
  5. Scroll to the bottom of the page and click on Next. Step 4
  6. Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources, and click on Update stack. Step 5
  7. While the update runs, the stack status is UPDATE_IN_PROGRES. Reload the table from time to time and … Step 6
  8. … wait until the CloudFormation stack status switches to UPDATE_COMPLETE. Step 7

You are done!

Migration Steps

v1 to v2

  • The product was renamed from VirusScan for Amazon S3 to bucketAV - Antivirus for Amazon S3.
  • EC2 instances now run on spot capacity. Set the CapacityStrategy configuration parameter to OnDemandOnly to launch on-demand instances as before (more expensive).
  • The parameter configuration VolumeSize was removed. No action is needed.
  • The SNS message subject changed from s3-virusscan s3://${BUCKET_NAME} to bucketAV Scan Result for S3 Bucket ${BUCKET_NAME}. No topic subscriber should rely on the subject.
  • The configuration parameter TagKey now defaults to bucketav (previously s3-virusscan) for new installations. You can change the default if needed.
  • If the configuration parameter OpsCenterIntegration is set to true, the source in Ops Items changes from s3-virusscan to bucketAV.
  • Add-Ons
    • The configuration parameter S3VirusScanStackName changed to BucketAVStackName.

v1.3 to 1.4

If you use bucketAV in a Multi-Account setup, please allowlist all accounts by adding them (comma separated) to the AWSAccountRestriction configuration parameter.

Stay up-to-date

Monthly digest of security updates, new capabilities, and best practices.