Update Guide
We regularly release new bucketAV versions to add features, improve performance, or patch vulnerabilities (see our release notes). The latest versions are:
- bucketAV for Amazon S3 powered by ClamAV®:
v2.29.0
- bucketAV for Amazon S3 powered by Sophos®:
v2.21.0
- bucketAV for Amazon S3 powered by multiple engines:
v2.0.0
- bucketAV for Cloudflare R2 powered by ClamAV®:
v2.8.0
- bucketAV for Cloudflare R2 powered by Sophos®:
v2.8.0
bucketAV supports updates without downtime. You don’t need to be afraid of updating bucketAV, even when files are scanned.
There are two ways to update bucketAV: The preferred Quick Update and the legacy Manual Update.
Quick Update
Requires bucketAV for Amazon S3 powered by ClamAV® version >= 2.15.0, bucketAV for Amazon S3 powered by Sophos® version >= 2.5.0, or any version of bucketAV for Cloudflare R2. If you are using an older version, perform a manual update instead.
- Visit the AWS CloudWatch Management Console.
- Navigate to Dashboards.
- Select the dashboard starting with the name
bucketav
followed by the name of the AWS region—for example,bucketav-eu-west-1
. - Find the Update tile. Click the Update button. If there is no Update tile in your dashboard, perform a manual update.
- You are redirected to AWS CloudFormation. Click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources, and click on Next.
- Scroll to the bottom of the page and click on Submit.
- While the update runs, the stack status is UPDATE_IN_PROGRES. Reload the table from time to time and …
- … wait until the CloudFormation stack status switches to UPDATE_COMPLETE.
Don’t forget to update your Add-Ons in the dashboard!
Manual Update
Before you update bucketAV to the latest version, you need to find out the current version, engine, and fulfillment option you are using.
- Visit the AWS CloudFormation Console
- Ensure that you are in the correct region.
- Navigate to Stacks.
- Click on the bucketAV stack (if you followed the docs, the name is
bucketav
). - Click on the Outputs tab.
- The output
Platform
showsaws
orcloudflare
. In case, the outputPlatform
is missing, you are runningaws
. - The output
Engine
showsclamav
,sophos
ormulti
. In case, the outputEngine
is missing, you are runningclamav
. - The output
Version
shows the current version of bucketAV. - The output
FulfillmentOption
shows the fulfillment option.
Afterward, pick the Amazon S3 URL of the matching CloudFormation template from the following table.
In case the current version is
1.x
, follow the Migration Steps first!
When upgrading to bucketAV with engine ClamAV, fulfillment option
dedicated-private-vpc
, and version <=2.13.0 expect an increase in VPC costs by about $68/month, as we replaced the NAT Gateway with 7 VPC Endpoints to enhance network security.
Fulfillment Option | Amazon S3 URL |
---|---|
dedicated-public-vpc | https://bucketav-templates.s3.eu-west-1.amazonaws.com/aws/multi/2.0.0/dedicated-public-vpc.yaml Copy |
dedicated-private-vpc | https://bucketav-templates.s3.eu-west-1.amazonaws.com/aws/multi/2.0.0/dedicated-private-vpc.yaml Copy |
shared-vpc | https://bucketav-templates.s3.eu-west-1.amazonaws.com/aws/multi/2.0.0/shared-vpc.yaml Copy |
Next, you are ready to update bucketAV.
- Select the bucketAV stack (e.g.,
bucketav
) and press the Update stack button; press Make a direct update. - Select Replace existing template and paste the Amazon S3 URL that you picked above.
- Click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources, and click on Next.
- Scroll to the bottom of the page and click on Submit.
- While the update runs, the stack status is UPDATE_IN_PROGRES. Reload the table from time to time and …
- … wait until the CloudFormation stack status switches to UPDATE_COMPLETE.
Don’t forget to update your Add-Ons!
Migration Steps
v1 to v2
- The product was renamed from VirusScan for Amazon S3 to bucketAV - Antivirus for Amazon S3.
- EC2 instances now run on spot capacity. Set the CapacityStrategy configuration parameter to
OnDemandOnly
to launch on-demand instances as before (more expensive). - The parameter configuration
VolumeSize
was removed. No action is needed. - The SNS message subject changed from
s3-virusscan s3://${BUCKET_NAME}
tobucketAV Scan Result for S3 Bucket ${BUCKET_NAME}
. No topic subscriber should rely on the subject. - The configuration parameter
TagKey
now defaults tobucketav
(previouslys3-virusscan
) for new installations. You can change the default if needed. - If the configuration parameter
OpsCenterIntegration
is set to true, the source in Ops Items changes froms3-virusscan
tobucketAV
. - Add-Ons
- The configuration parameter
S3VirusScanStackName
changed toBucketAVStackName
.
- The configuration parameter
v1.3 to 1.4
If you use bucketAV in a Multi-Account setup, please allowlist all accounts by adding them (comma separated) to the AWSAccountRestriction configuration parameter.