Content distribution
By regularly scanning content before distribution, organizations can demonstrate their commitment to security and help build trust with their users. You don’t want to be the source from which a user downloads malware!
Our customers use the following options to protect their internal and external users in real-time:
Block infected file download
You can allow downloads only if the file is clean using an S3 bucket policy. Therefore, you block downloads of infected and unscanned files.
Replace BUCKET_NAME with the name of your S3 bucket.
{
"Version": "2012-10-17",
"Statement": [{
"Sid": "bucketAVAllowClean",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject*",
"Resource": "arn:aws:s3:::BUCKET_NAME/*",
"Condition": {
"StringEquals": {
"s3:ExistingObjectTag/bucketav": "clean"
}
}
}
}
Setup
- Follow the Getting started guide (reporting part is optional).
- Set the DeleteInfectedFiles configuration parameter to
false. - Apply the bucket policy from above to the S3 bucket.
Reporting only
Awareness of potential threats might be good enough and minimizes the impact on your content.
Setup
- Follow the Getting started guide.
- Set the DeleteInfectedFiles configuration parameter to
false.